Republic of Ghana Diagnostic Review of Financial Consumer Protection Key Findings and Recommendations June 2016 This Diagnostic Review is a product of the staff of the International Bank for Reconstruction and Development/The World Bank. The findings, interpretations, and conclusions expressed herein do not necessarily reflect the views of the Executive Directors of the World Bank or the governments they represent. 1 Contents Abbreviations and Acronyms ...................................................................................................... 5 Acknowledgements ..................................................................................................................... 7 Executive Summary .................................................................................................................... 8 1 Introduction ....................................................................................................................... 17 2 Cross-Sectoral Financial Consumer Protection Issues ...................................................... 20 2.1 Legal, Regulatory, and Supervisory Framework ....................................................... 20 2.1.1 Key findings..................................................................................................... 20 2.1.2 Recommendations............................................................................................ 21 2.2 Data Privacy and Protection in the Financial Sector .................................................. 21 2.2.1 Key findings..................................................................................................... 21 2.2.2 Recommendations............................................................................................ 22 2.3 Dispute Resolution in the Financial Sector ................................................................ 23 2.3.1 Key findings..................................................................................................... 23 2.3.2 Recommendations............................................................................................ 25 3 Bank and Nonbank Deposit and Credit Products and Services ......................................... 26 3.1 Legal, Regulatory and Supervisory Framework ........................................................ 27 3.1.1 Key findings..................................................................................................... 27 3.1.1.1 Institutional, legal and regulatory framework .................................. 27 3.1.1.2 Supervisory framework .................................................................... 30 3.1.2 Recommendations............................................................................................ 32 3.2 Disclosure and Sales Practices ................................................................................... 34 3.2.1 Key findings..................................................................................................... 34 3.2.1.1 Disclosure ......................................................................................... 34 3.2.1.2 Sales practices .................................................................................. 36 3.2.2 Recommendations............................................................................................ 36 3.3 Fair Treatment and Business Conduct ....................................................................... 37 3.3.1 Key findings..................................................................................................... 37 3.3.2 Recommendations............................................................................................ 39 3.4 Privacy and Data Protection ....................................................................................... 40 3.4.1 Key findings..................................................................................................... 40 3.4.2 Recommendation ............................................................................................. 41 3.5 Dispute Resolution Mechanisms ................................................................................ 41 3.5.1 Key findings..................................................................................................... 41 3.5.2 Recommendations............................................................................................ 45 4 Payments ............................................................................................................................ 45 4.1 Legal, Regulatory and Supervisory Framework ........................................................ 45 4.1.1 Key findings..................................................................................................... 45 4.1.1.1 Legal and Regulatory framework ..................................................... 45 4.1.1.2 Supervisory framework .................................................................... 47 4.1.2 Recommendations............................................................................................ 48 4.2 Disclosure and Sales Practices ................................................................................... 49 4.2.1 Key findings..................................................................................................... 49 4.2.2 Recommendations............................................................................................ 51 4.3 Fair Treatment and Business Conduct ....................................................................... 52 4.3.1 Key findings..................................................................................................... 52 4.3.2 Recommendations............................................................................................ 53 4.4 Data Privacy and Protection and Operational Reliability .......................................... 54 4.4.1 Key findings..................................................................................................... 54 4.4.2 Recommendations............................................................................................ 54 4.5 Dispute Resolution Mechanisms ................................................................................ 55 4.5.1 Key findings..................................................................................................... 55 4.5.2 Recommendations............................................................................................ 55 5 Insurance ............................................................................................................................ 56 5.1 Legal, Regulatory and Supervisory Framework ........................................................ 56 5.1.1 Key findings..................................................................................................... 56 5.1.1.1 Insurance (other than health insurance)............................................ 56 5.1.1.2 Health Insurance ............................................................................... 58 5.1.2 Recommendations............................................................................................ 60 5.2 Disclosure and Sales Practices ................................................................................... 62 5.2.1 Key findings..................................................................................................... 62 5.3 Fair Treatment and Business Conduct ....................................................................... 65 5.3.1 Key findings..................................................................................................... 65 5.3.2 Recommendations............................................................................................ 65 5.4 Data Privacy and Protection ....................................................................................... 66 5.4.1 Key findings..................................................................................................... 66 5.4.2 Recommendations............................................................................................ 66 5.5 Dispute Resolution Mechanisms ............................................................................... 66 5.5.1 Key findings..................................................................................................... 66 5.5.1.1 Insurance (except Health Insurance) ................................................ 66 5.5.1.2 Health Insurance ............................................................................... 67 5.5.2 Recommendations............................................................................................ 67 5.6 Guarantee Schemes and Insolvency ........................................................................... 68 6 ANNEX – A ...................................................................................................................... 69 7 ANNEX – B....................................................................................................................... 70 Tables Table 1: List of Key Recommendations ................................................................................. 12 Table 2: Key Laws Relevant to Consumer Protection ............................................................ 69 Table 3: List of Institutions Met .............................................................................................. 70 Figures Box 1: Overview of the Ghanaian Financial Sector and Financial Inclusion in Ghana .......... 18 Box 2: Categorization of NBFI into Tiers ............................................................................... 28 Box 3: Microcredit insurance by microfinance institutions in Ghana ..................................... 64 Abbreviations and Acronyms ACH Automated Clearing House ARB Association of Rural Banks BoG Bank of Ghana B&L Act Borrowers and Lenders Act BSD Bank Supervision Department BSDTI Banking and Specialized Deposit-Taking Institutions Bill DPC Data Protection Commission CEO Chief Executive Officer CPA Consumer Protection Agency CPMI Committee on Payments and Market Infrastructure CUA Credit Union Association CUSA Credit Union Supervisory Agency DPC Data Protection Commission EDR External Dispute Resolution EIR Effective Interest Rate FCP Financial Consumer Protection FSD Financial Stability Department GAB Ghana Association of Bankers GAMC Ghana Association of Microcredit Companies GHAMFIN Ghana Association of Microfinance Institutions GHS Ghana Cedis GIZ Gesellschaft für Internationale Zusammenarbeit GOG Government of Ghana IDR Internal Dispute Resolution IFC International Finance Corporation INFO International Network of Financial Services Ombudsman Schemes KFS Key Facts Statement LI Legislative Instrument MCU Market Conduct Unit MFI Microfinance Institution MoU Memorandum of Understanding MNO Mobile Network Operator MoFEP Ministry of Finance and Economic Planning MTI Ministry of Trade and Industry MTO Money Transfer Operator NBFI Non-bank Financial Institutions NHIA National Health Insurance Authority NIC National Insurance Commission NPC National Payment Council NPS National Payment System NPSO National Payment System Office NSD NBFI Supervision Department PHIS Private Health Insurance Schemes PIN Personal Identification Number POS Point of Service PSA Payment System Act PU Payments Unit SECO Swiss State Secretariat for Economic Affairs SMS Short Message Service SSA Sub-Saharan Africa WB World Bank WBG World Bank Group Currency Equivalents US$1 = 3.88 GHS (Exchange Rate effective June 04, 2016) Acknowledgements A World Bank Mission visited Ghana from February 15-26, 2016 to prepare a Diagnostic Review of Financial Consumer Protection.1 This Diagnostic Review was prepared by a World Banks Finance and Markets Global Practice team led by Andrej Popovic (Senior Financial Sector Specialist) and including Denise Dias (Senior Financial Sector Specialist), Alice Zanza (Senior Financial Sector Specialist), Marco Traversa (Analyst), Karen Den-Toll (Insurance Consultant), and Douglas Melville (Dispute Resolution Consultant). Operational support was provided by Afua Entsuah (Consultant) and Gregoria Dawson (Program Assistant) from the World Bank Country Office in Ghana. Oversight of the project was provided by Irina Astrakhan (Practice Manager, Finance and Markets Global Practice). The team is thankful to Henry Kerali (Country Director for Ghana) and Errol Graham (Program Leader) for their advice and support. Peer review comments were received from Jennifer Chien (Senior Financial Sector Specialist), Harish Natarajan (Lead Financial Sector Specialist), and Peter Wrede (Senior Insurance Specialist). The team expresses its appreciation to the Ghanaian authorities, including the Ministry of Finance and Economic Planning, Bank of Ghana, the National Insurance Commission, and the National Health Insurance Authority, as well as the representatives of financial industry, civil society, and donor community for their cooperation and collaboration during the preparation of the Review. The Review was prepared as part of the Swiss State Secretariat for Economic Affairs’ (SECO) Global Trust Fund for Consumer Protection and Financial Literacy. 1 The Review is part of the World Bank Program on Consumer Protection and Financial Literacy, which seeks to identify key measures in strengthening financial consumer protection to help build consumer trust in the financial sector—and expand the confidence of households to wisely use financial services. The Reviews are conducted against Good Practices and have been prepared by the World Bank in both middle as well as low-income countries. For more details and country reports please refer to the following link: http://responsiblefinance.worldbank.org/diagnostic-reviews. Executive Summary 1. The objective of the Diagnostic Review of Financial Consumer Protection in Ghana is to assess the legal, regulatory, and institutional framework for financial consumer protection (FCP) and develop prioritized and tailored recommendations aimed at reforming and operationalizing the framework for FCP. The assessment is based on the revised and enhanced World Bank Good Practices for Financial Consumer Protection (forthcoming) and focuses on retail products and services in four sectors: i) banks and nonbank financial institutions (NBFIs); ii) payments; and iii) insurance. Further, the review covers five topics in each of the above-mentioned sectors: i) legal, regulatory, and supervisory framework; ii) disclosure and sales practices; iii) fair treatment and business conduct; iv) data privacy; and v) dispute resolution mechanisms. The report is based on the review of the legal and regulatory framework, as well as planned reforms (e.g. draft regulations) that were presented to or discussed with the World Bank team. It also features industry practices based on anecdotal evidence gathered through interviews with financial services providers, financial regulators, and consumer and industry associations. 2. Financial consumer protection is becoming an increasingly important topic in Ghana, and the authorities have already taken initial steps towards addressing some of the existing challenges. In particular the authorities’ initiatives include recent as well as planned reforms of relevant laws and regulations in the banking, NBFI, and insurance sectors, as well as the establishment of a separate market conduct unit within the Bank of Ghana (BoG). BoG is also taking steps to improve prudential supervision, particularly in the microfinance sector, in order to protect depositors and build confidence in financial sector. In line with their FCP objectives, the authorities have requested this diagnostic review of FCP along with implementation support. As a result, and in addition to this report, the World Bank has mobilized trust fund resources for initial technical assistance aimed at supporting the BoG in operationalizing its market conduct function, which would initiate support with implementation of some of the recommendations in this specific area. 3. Strengthening and operationalizing a FCP framework in Ghana is critical for promoting responsible financial inclusion, in particular given the advent of novel products and innovative delivery channels. Financial inclusion in Ghana is still low with only 40 percent of adults (age 15 and above) having an account at formal financial institution. It is however likely expand gradually given the large number and wide range of regulated financial services providers, some of which are also relying on innovative products and delivery channels. For example, Ghana is experiencing innovation in mobile financial services with payments, microcredit and insurance products increasingly being made available through mobile phones and/or agents. In some cases this development has blurred the lines between the financial and other sectors such telecommunications. Whilst mobile financial services can help fulfill important financial inclusion objectives, they can nonetheless add a further degree of complexity and risk both to the payments system and the financial system in general. As diverse formal financial services are expanded to previously excluded consumer segments that may have limited or no prior experience, knowledge, or familiarity in this area, it is critical to ensure that new products and services are rolled out in a responsible way, with minimum consumer protection measures integrated and supervised from the outset. 4. The existing legal and regulatory framework includes some provisions addressing financial consumer protection issues, while work is underway on further expansion of market conduct requirements. In the credit products segment for example, these include provisions, albeit still limited, related to disclosure, over- indebtedness, fraud, complaints handling, and data protection. Further initiatives are underway which are expected to lead to more detailed regulations focusing on internal dispute resolution requirements (at the financial institution level) and disclosure requirements, including the calculation of effective interest rate (EIR). 5. The institutional mandates for FCP appropriately rest with financial sector regulators (either explicitly or implicitly) but further capacity building is needed to fully operationalize this function. The institutional mandate to regulate and supervise financial consumer protection in the banking, NBFI, and payments sectors rests with the BoG, while the National Insurance Commission (NIC) is responsible for the insurance sector, except health insurance which is covered by the National Health Insurance Authority (NHIA). However, the capacity of BoG and NIC to effectively regulate and even more so to supervise market conduct rules is still limited and emphasis is placed on handling of complaints. NHIA is only in the very early stages of considering FCP issues. 6. There are three major cross-sectoral issues that if left unaddressed could have a negative impact on implementation of the FCP agenda.  First, the Ministry of Trade and Industry (MoTI) is sponsoring a general Consumer Protection Bill, which also aims to cover financial services that would, as such, result in overlapping legal and institutional mandates for FCP. As currently proposed, the bill would overlap with current frameworks and mandates for regulation and supervision of the financial sector which is the responsibility of the respective financial sector regulators. This proposed coverage also conflicts with the Banking and Specialized Deposit-Taking Institutions (BSDTI) Bill which aims to expand the consumer protection mandate of the BoG.  Second, the enforcement of the data privacy regime needs to be strengthened and the capacity of the authority in charge of this agenda needs to be enhanced. The Data Protection Act 2 has recently entered into force, and a Data Protection Commission (DPC) has been established but is still in the institution building mode. As a result of still limited ability of DPC to enforce its mandate and limited cooperation with the financial supervisors, many financial services providers are not registered with the DPC as per the requirements of the law and so as to guarantee the safekeeping of customer information.  Third, clearer internal dispute resolution (IDR) requirements need to be introduced, while in the medium to long term BoG’s and NIC’s mandates with regard to external dispute resolution (EDR) need to be clarified. IDR 2 Data Protection Act, Art. 46. practices of financial services providers are variable, ranging from mature to non-existent. BoG’s E-Money Guidelines include IDR requirements for payment service providers issuing e-money. Similar requirements need to be extended to all other payment service providers. Also, once adopted, the new draft regulation from the Bank of Ghana (Recourse Mechanisms for Financial Service Providers, September 2015) will greatly assist in this regard for banks and non-banks, and these should be implemented as soon as possible. Finally, further clarifications and expansion of IDR requirements in the insurance sector (including health insurance) is needed. In terms of EDR, both BoG and NIC handle complaints; however, there is lack of clarity regarding their mandates, and these activities are ad hoc and heavily reliant upon moral suasion. Most importantly, it is done in the absence of a comprehensive and enforceable regulatory and supervisory framework for FCP, which is a key enabler of an effective external dispute resolution system. 7. Although there is a separate market conduct unit (MCU) within the BoG, market conduct supervision is not yet done, and the legal and regulatory framework for credit and savings products includes only limited FCP provisions. The most comprehensive legislation is the Borrowers and Lenders (B&L) Act but it only covers credit services and products. BoG is sponsoring a new Bill covering all deposit taking institutions (i.e. BSDTI) and has drafted two regulations on disclosure and transparency of credit products and internal dispute resolution, to address some of the current gaps. Additionally, the MCU is in a nascent stage and does not conduct supervision nor does it take enforcement actions against providers that do not comply with existing standards. The MCU is still a unit within the Financial Stability Department (FSD) and is therefore at a lower hierarchical level compared to other prudential supervisory functions which are separate departments within the BoG. 8. Given the lack of clear requirements, industry practices amongst financial services providers vary extensively. In terms of disclosure and transparency there is no standard practice and only some financial services provider present their clients with a summary sheet or a clear re-payment schedule including the EIR. Additionally, there is no standardization in terms of definition of fees and charges, and some providers disclose nominal interest rates on annual basis while others present monthly rates which impairs the consumer ability to compare the cost of financial services and products. In regards to fair treatment principles, policies also vary from institution to institution. For example, while it is common for credit unions to bundle insurance coverage with loans other institutions do not seem to resort to such a practice. Debt collection practices, despite the legal requirements, appear to be abusive. Training of staff in financial consumer protection principles is not done in any of the institutions met. 9. BoG’s overall payment oversight function is weak and relevant FCP provisions are limited and often not applied in practice. While BoG has established the National Payment System Office (NPSO), it does not enjoy the same hierarchical level as other supervision departments. Additionally, there is little coordination between departments, which results in FCP issues in payments not being supervised. In fact, while the Payment Systems Act (PSA) has some rules on FCP and the E-Money Guidelines have sections dedicated to FCP. 10. Payment service providers also lack consistent consumer protection policies and practices and often do not fully adhere to regulatory requirements. While it is not common to disclose fees and charges or to train staff and agents in FCP, a few providers do have such requirements. Moreover, the few existing regulatory requirements do not seem to be applied consistently, and while all e-money providers have in place measures to protect customers’ funds, a lot of the rules included in the FCP section of the e-Money Guidelines do not appear to be applied consistently by payment service providers and are not enforced by BoG. 11. Consumer protection for insurance in Ghana is still developing and is not sufficiently addressed in the insurance laws. Despite its capacity constraints, the NIC has been proactive in addressing some FCP issues. In addition to resource constraints, there are considerable legal and regulatory gaps. The NHIA is in the very early stages of its supervisory and regulatory work, and possesses a much lower level of understanding of consumer protection issues than NIC. A joint effort with NIC to implement a common regime for FCP across all types of insurance products would allow more confidence in the growing insurance sector in Ghana. 12. A summary of the key recommendations are listed in Table 1 below. These recommendations should be given priority though some may take more time to consider and implement than others. Hence, indicative timeframes (short, medium and long term) and priority level (high, medium) were assigned to each recommendation along with institutional responsibilities. Table 1: List of Key Recommendations Timefra Key Recommendations Responsible Party Priority me A. LEGAL, REGULATORY AND SUPERVISORY FRAMEWORK All references to financial services should be excluded from the Consumer Protection Bill sponsored MoTI, NIC, BoG, by MoTI and the supervisory and regulatory powers in relation to financial services should remain Government of Ghana High Short with the respective financial sector regulators. (GoG) The BoG should amend the NBFI Act to explicitly state BoG’s mandate for financial consumer BoG, GOG Medium Medium protection in the NBFI sector, and facilitate adoption of BSDTI which includes such provisions. The BoG should amend the legal and regulatory framework governing payments to explicitly state BoG High Medium BoG’s financial consumer protection mandate and expand FCP provisions. BoG MCU to develop and gradually implement a strategy for market conduct regulation and BoG Market Conduct High Medium supervision. Unit BoG Market Conduct In the interim period, while BOG MCU builds its internal capacity to fully assume its supervisory Unit, Banking role, it is recommended that financial consumer protection provisions are supervised by other relevant Supervision Department, High Short departments; hence, BoG could rely on existing expertise within Bank and NBFI supervision NBFI Supervision departments and NPSO to fulfil this role with participation from MCU staff for training purposes. Department, NPSO Finalize and adopt the new Insurance Act which should provide NIC with explicit mandate for financial consumer protection and include a separate part with specific and properly elaborated NIC, GoG High Medium financial consumer protection provisions. The National Health Insurance Act should clearly state the NHIA’s mandate for consumer protection, NIC, NHIA Medium Medium and include specific provisions on consumer protection. An appropriate definition of “health insurance” needs to be inserted in both the National Health Insurance Act and the National Insurance Act to ensure that it is clear where the lines are drawn on such products. The NIC should issue more comprehensive Market Conduct Rules and/or a Code of Practice relating NIC High Medium to key subject areas and also issue the new Market Conduct Rules for mobile insurance. NIC and NHIA should explore opportunities for developing a common regulatory and supervisory NIC, NHIA Medium Long approach for consumer protection across all insurance classes. Both the NIC and the NHIA should ensure that they each have clear and measurable plan to increase their consumer protection capability and activities, and ensure that, over time, consumer protection NIC, NHIA High Short receives dedicated focus, and sufficient attention, as compared to prudential supervision. Both the NIC and NHIA should publish key information on the insurance sector in a regular and NIC, NHIA High Short timely manner, ensuring easy access for consumers and the insurance sector. B. DISCLOSURE AND SALES PRACTICES BoG Market Conduct Unit, Banking The BoG should expedite adoption of the draft Regulation on Disclosure and Product Transparency Supervision Department, High Short Rules for Credit Products and Services and start enforcing its implementation. NBFI Supervision Department Specific disclosure and sales practices requirements should be expanded beyond credit products, BoG Market Conduct particularly for savings and checking accounts. This can be done either by expanding the provisions Medium Medium Unit of the existing draft regulation or developing a separate regulation. BoG Banking Develop and adopt regulation on disclosure and sales practices requirements for payment service Department, Market High Medium providers. Conduct Unit Start enforcing existing disclosure requirements from the Payment Systems Act and the E-money BoG Banking High Short Guidelines. In the interim this can be done by the Banking Department with gradual transitioning of Department and Market this role to MCU as it builds capacity. Conduct Unit The NIC should make amendments to existing guidelines or rules in order to make their application NIC Medium Short clear. The NHIA should develop and implement a plan for the phased introduction of market conduct rules NHIA High Medium for private health insurance schemes. C. FAIR TREATMENT AND BUSINESS CONDUCT The BoG should begin systematic monitoring of business practices in relation to payment, credit, and BoG Market Conduct Medium Short savings products and assess whether they are fair and adequate. Unit Specific regulatory requirements should be introduced to curb unfair practices and set minimum BoG Market Conduct High Medium business conduct standards for all types of providers regulated by BoG, in addition to lenders. Unit The NIC and NHIA should work towards implementing requirements to close current gaps in the rules, with a priority on implementing fairness and conduct requirements, and addressing current NIC, NHIA High Medium issues. D. DATA PROTECTION AND PRIVACY The BoG, NIC, and NHIA should engage with the Data Protection Commission to ensure the registration of all regulated financial service providers, including credit bureaus and insurance BoG, NIC, NHIA, Data High Short intermediaries, with Data Protection Commission in line with provision of the Data Protection Act Protection Commission and follow-up on compliance with the general data protection provisions of the law. E. DISPUTE RESOLUTION MECHANISMS BoG to finalize and issue the draft regulation on Recourse Mechanisms for Financial Service BoG Market Conduct Providers (i.e. internal dispute resolution-IDR) and at a subsequent stage to begin oversight and High Short Unit enforcement of requirements. BoG to develop training for financial service providers to support adoption of IDR requirements set BoG Market Conduct Medium Short out in draft regulation on Recourse Mechanisms for Financial Service Providers Unit Both the NIC and the NHIA should issue and enforce clear requirements for IDR processes for NIC and NHIA High Medium insurers and for intermediaries (as relevant). NIC and the NHIA to develop training for financial service providers to support adoption of clear NIC and NHIA Medium Medium requirements for IDR. BoG and NIC should each develop and implement consistent, mandatory, binding and enforceable external dispute resolution (EDR) schemes and establish separate units to resolve financial consumer BoG, NIC High Medium complaints in the banking, NBFI, payments, and insurance sectors. Until the establishment of specialized complaints handling units, BoG and NIC should ensure that they have specialized staff dedicated to their existing EDR function to the extent possible without BoG, NIC High Short undermining the supervisory function. BoG and NIC to embark on programs of capacity building on international good practices for EDR schemes as well as staff training and development in the areas of inquiry and case file handling, BoG, NIC High Medium investigation, and mediation/adjudication. BoG and NIC to explore the possibility of gradually securing some or all of the required financial resources from industry for external dispute resolution schemes through some combination of levies and/or case fees to either supplement or replace their own funding of the cost of that function. The BoG, NIC Medium Long appropriate transition point for considering this approach is once the IDR regulations have been made operational and once the respective EDR functions are operationalized. The NHIA to establish the Adjudication Committee as required under the National Health Insurance Act, and ensure that both private health insurance schemes (PHIS) and PHIS scheme members are NHIA High Medium made aware of its role, and their access to it. This scheme should be harmonized with EDR approaches undertaken by BOG and NIC. With regard to external dispute resolution, the financial sector regulators should explore opportunities BOG, NIC, NHIA, for establishment of a single dispute resolution mechanism for financial sector in the long term (e.g. Medium Long such as specialized financial ombudsman). In the meantime, they should fully operationalize existing Other Financial Sector mechanisms and seek to harmonize approaches to the extent possible. Regulators, as relevant F. GUARANTEE AND INSOVENCY SCHEMES (Insurance Sector) The NIC should ensure that rules regarding the Client Rescue Fund are clear, and address key matters NIC Medium Medium regarding the coverage and governance of the Fund. Both Insurance and Health Insurance Acts to be amended to ensure that policyholder interests are NIC, NHIA Medium Medium adequately protected in the case of insurer insolvency. 1 Introduction 1. Financial consumer protection (FCP) has become internationally prominent with increased policy, regulatory and supervisory attention to this topic. As shown by the World Bank’s 2013 Global Survey on Financial Consumer Protection3 a legal framework for financial consumer protection exists in 112 out of the 114 countries surveyed. The most common approach is to have a specific financial consumer protection regulatory framework (103 countries). The Global Survey also showed that the number of regulatory agencies with formal responsibility for financial consumer protection increased from 74 in 2010 to 97 in 2013. Additionally, the overall trend shows that both developed and developing economies are moving towards having either a separate financial consumer protection regulator or a separate independent financial consumer protection unit within the financial sector prudential regulator. 2. A strong legal, regulatory and supervisory framework for FCP is crucial to protect financial consumers and prevent market abuses. FCP regulation should at a minimum ensure that consumers: (i) receive information to allow them to make informed decisions, (ii) are not subject to unfair or deceptive practices, and (iii) have access to recourse mechanisms to resolve disputes. This protection should extend to all retail financial services and products irrespective of the type of provider of those services and products. All laws and subordinate legislation relating to consumer protection in the financial sector should be considered in this context, with a view to forming a clear and complete framework, free of major gaps and overlaps. 3. While a sound FCP framework is critical for market development, it must be complemented with strong prudential regulation and supervision. Prudential regulation and supervision are intended to ensure that the financial system and individual financial institutions remain sound and stable. Poorly managed institutions - as recently demonstrated in Ghana with failure of a number of microfinance institutions and subsequent loss of deposits - can cause major distress and losses to consumers, particularly small depositors. It is therefore paramount that the financial authorities develop and use adequate tools to deal with problem institutions to minimize loss of consumer savings and deterioration of public trust in the financial sector or a specific sub-sector. FCP and financial stability are therefore mutually reinforcing. 4. The need for an effective legal and regulatory framework for FCP is even more urgent in markets such as Ghana, where inclusion of lower-income people with low levels of financial capability is rapidly expanding, mainly through the use of mobile money. The financial sector in Ghana is gradually becoming more inclusive given a wide range of regulated providers and the expansion of products and delivery channels. Although several banks are utilizing innovative channels, banking sector is slower in expanding to new client segments as compared to mobile money providers which also target low-income individuals. Overall, the Ghanaian financial 3 Available at http://responsiblefinance.worldbank.org/~/media/GIAWB/FL/Documents/Publications/CPFL- Global-Survey-114econ-Oversight-2014.pdf 17 sector offers a wide range of financial services and products, from basic payments services to more complex products such as mobile life insurance and leasing. FCP is important for financial inclusion, at it helps build consumers’ trust in the financial sector, which in turn can raise demand for, and usage of, financial services. While new products and delivery channels can support financial inclusion, they may also pose new risks to consumers if not handled properly. A well-crafted and comprehensive FCP framework should therefore give regulators and supervisors flexibility to adapt to new consumer and supervisory challenges. 5. Given the above illustrated context it is critical to build a strong legal, regulatory, institutional, and supervisory regime for FCP in Ghana. The authorities need to ensure consumer protection with respect to retail products and services, where consumers are usually subject to standard agreements, terms and conditions, and have little room to protect their rights even if they have the necessary knowledge, information and confidence to do so. Effective FCP in the fast expanding mobile money sector and other areas of retail financial services require good regulations informed with international good practices, and adequate implementation through supervision and enforcement, which in turn requires clear mandates and capacity. The FCP framework should also extend beyond on credit services as it is currently the case in Ghana. It also needs to cover a range of topics, including disclosure and sales practices, fair treatment and business conduct, recourse and data protection. Box 1: Brief Overview of the Ghanaian Financial Sector and Financial Inclusion in Ghana The financial sector in Ghana is diverse and has grown rapidly over the past five years though credit to private sector still remains low. The sector is dominated by commercial banks, accounting for 75 percent of the total assets of the financial system followed by pension funds with 12 percent and the insurance sector with only 4 percent. Although the size of insurance sector is relatively low, as of 2014 around 30 percent of population had some sort of insurance which is relatively high coverage compared to other countries. The financial sector is comprised of 28 banks, 62 non-bank financial institutions (including finance houses, remittance houses, savings and loans, leasing, finance and leasing, mortgage finance), 133 rural and community banks, 444 credit unions, 540 microfinance companies, 18 financial non-government organization, and 473 susu collectors. There are also money lenders but recent data on their numbers was not available. Most of these various non-bank institutions are also classified as microfinance institutions (MFIs) as per the BoG Operating Rules and Guidelines for Microfinance Institutions (2011) (for more details on MFIs see Box 2). Other financial institutions include 103 pension funds, 23 life and 26 non-life insurance companies, and 3 reinsurance companies. Overall the financial sector assets accounted for 54 percent of GDP in 2014, up from 34 percent of GDP in 2010. Private sector credit to GDP remains low at about 19 percent in 2014 compared to the Sub-Saharan Africa (SSA) average of about 24 percent. Meanwhile, total deposits to GDP stands at about 27 percent in 2014 versus the 31 percent average for SSA. In addition, both credit and deposit indicators are more than 5 percentage points below expected values considering Ghana’s level of development and structural characteristics (FinStats 2016). Financial inclusion in Ghana is still low with only 40 percent of adults (age 15 and above) having an account at formal financial institution, remaining slightly above the SSA regional average of 34.2 percent. Mobile financial services in Ghana are at a nascent stage with only 13 percent of adults having a mobile money account (provided by 3 major mobile money providers) and the number of mobile phone-based financial transactions are 18 incipient though on the rise. The number of branches and ATMs of commercial banks reached 967 and 932 respectively in 2014. The low density of bank branches (at 6.1 per 100,000 adults) is comparable to regional trends, but stands below the SSA regional average of 8.7 branches per 100,000 adults and only 8.2 ATMs per 100,000 adults. This poses a challenge for financial institutions to reach customers. Despite modest recent growth observed in the ATM network, the still limited distribution of ATMs may be contributing to an ongoing reliance on bank tellers as the main mode of deposits and withdrawals. 6. To address current gaps, there have been a number of FCP initiatives in Ghana; however, more needs to be done to complete and operationalize the FCP framework. Some of these initiatives include: (i) adoption of the Borrowers and Lenders (B&L) Act in 2008;4 (ii) the 2009 National Strategy for Financial Literacy and Consumer Protection for the Microfinance Sector, launched by the Ministry of Finance and Economic Planning (MoFEP); (iii) establishment of a Market Conduct Unit (MCU) within the Financial Stability Department (FSD) of the Bank of Ghana in 2011; and (iv) expansion of the National Insurance Commission’s (NIC) regulatory and supervisory work on market conduct issues. A pending reform of the Banking Act via the Banking and Specialized Deposit-Taking Institutions (BSDTI) Bill aims to reinforce BoG’s mandate for financial consumer protection by giving it an explicit mandate in this area, and BoG has also drafted regulations on disclosure and internal dispute resolution. Despite these initiatives, the current framework still needs major improvements to clarify legal mandates of regulatory authorities and address gaps related to important FCP issues that are not covered by the laws or regulations. 7. This diagnostic review was conducted with a purpose to inform future reform of the FCP framework in Ghana, and is based on the revised and enhanced World Bank Good Practices for Financial Consumer Protection 5 (forthcoming). The content of this report is based on a review of the legal and regulatory framework, as well as in anecdotal evidence of current FCP issues and practices gathered through interviews with financial services providers, regulators, specialists, and through a review of available documents on this topic. The assessment focuses on retail products and services in four sectors: i) banks and NBFIs; given the large number of diverse institutions in the non-bank sector the references to NBFI sector in this report are primarily based on information gathered from rural and community banks, microfinance companies, savings and loans, credit unions, and leasing companies; ii) payments; and iii) insurance. Further, it covers five topics in each of the above-mentioned sectors, namely: i) legal, regulatory, and supervisory framework; ii) disclosure and sales practices; iii) fair treatment and business conduct; iv) data privacy; and v) dispute resolution mechanisms. While some sector-specific sections addressed issues related to data privacy, this topic was primarily addressed as cross-sectoral issue, discussed in section 2 below. Each of the sections contains recommendations for reform measures in Ghana, with indication of their priority. Significant emphasis has been put on building supervisory capacity for FCP, given its 4Borrowers and Lenders Act 2008. 5 Current version of Good Practices is available at: http://siteresources.worldbank.org/EXTFINANCIALSECTOR/Resources/Good_Practices_for_Financial_CP.pdf 19 importance for effective implementation of the few existing regulations and additional regulatory reforms proposed in this report. 2 Cross-Sectoral Financial Consumer Protection Issues 2.1 Legal, Regulatory, and Supervisory Framework 8. Good practice calls for either a standalone legal framework for financial consumer protection or FCP provisions in the relevant financial sector laws. This approach allows for greater flexibility to address issues that are typical of the financial sector, as compared to having only a general consumer protection law that covers all financial and non-financial sectors. This further allows for complementarity with other regulatory frameworks such as prudential regulation, which are typical to the financial sector. This approach may also facilitate more effective institutional arrangements for enforcing FCP either by creating a dedicated FCP authority or expanding mandates of existing financial regulators that focus on prudential regulation to also include market conduct regulation and supervision. 9. Institutional arrangements should facilitate the enforcement of FCP laws and regulations across all regulated financial institutions in a consistent, thorough and timely manner. Although some countries have assigned FCP to a general consumer protection agency, this is not a recommended practice given that specific technical capacity and expertise is required to effectively regulate and supervise complex and dynamic financial sector issues. In this regard, a general consumer protection body that is responsible for all types of services and products across all sectors may very well lack this capacity, as well as the necessary resources and focus for continuous monitoring of compliance in financial sector, which could be detrimental for consumers of financial services. This approach may also lead to lack of coordination with prudential regulators’ positioning and actions, which is necessary to protect the stability of the financial sector. 10. Most importantly there should be no overlaps in institutional mandates for FCP. Regardless of the institutional arrangement for FCP, it is crucial that an authority that has been vested with this role has an explicit legal mandate for FCP and that there are no legal or functional overlaps with any other institution. 2.1.1 Key findings 11. While the responsibility for FCP in Ghana appropriately rests with financial sector regulators (either explicitly or implicitly), the Ministry of Trade and Industry (MoTI) is sponsoring the drafting of a general Consumer Protection Bill which aims to cover financial sector, and this approach would certainly result in overlapping legal and institutional mandates. MoTI, in accordance with its Consumer Protection Policy,6 is preparing a Consumer Protection Bill aimed at ensuring consumer protection in all economic sectors. Although the draft was not available for analysis, the information gathered is based on a joint discussion with MoTI and the consultant leading the drafting of the bill. The bill 6 Available at http://www.ghanatrade.gov.gh/Trade-Data/consumer-protection-policy.html . 20 covers consumer protection in the financial sector, including provision for the establishment of an external dispute resolution mechanism and establishment of a Consumer Protection Agency (CPA) as the main regulatory and supervisory body. While the initiative to institutionalize consumer protection in Ghana is welcome, insufficient consideration has been given to the capacity of a general consumer protection body to oversee the financial services sector and the overlapping mandates and regulatory contradictions with those of financial sector regulators. In particular, this includes overlaps with respect to BoG, whose FCP mandate is becoming explicit through the reform of the Banking Act (see Section 34) and the NIC (see Section 5), but also to other financial sector regulators whose activities were beyond the scope of this report. 2.1.2 Recommendations 12. It is recommended that any reference to financial products and services are excluded from the draft Consumer Protection Bill and that the supervisory and regulatory powers in relation to consumer protection in financial sector remain exclusively with existing financial supervisory authorities. Considering the fact that both BoG and NIC already have the mandate to regulate and supervise consumer protection in financial sector, it is recommended that this arrangement is reinforced (e.g. as already planned with amendments to Banking Act via BSTDI bill) rather than weakened with provisions as planned under the proposed draft Consumer Protection Bill. It is critical to avoid any legal and institutional conflicts and to ensure close coordination between the financial consumer protection and stability mandates of both BoG and NIC. Further, multiple institutions and avenues for redress in the same subsector could result in public confusion and overall efficiency dispute resolution mechanism. Finally, the financial sector regulators are specialized in financial sector issues and have the proper technical expertise for market conduct regulation, supervision, and dispute resolution. 2.2 Data Privacy and Protection in the Financial Sector 13. Financial institutions, including credit bureaus, are major data collectors and data controllers. Financial institutions collect several types of consumer information, including personal information, contact details, consumer agreements, transaction logs, passwords, and so forth. It is therefore absolutely critical that such information is kept safe, unaltered and confidential, and used only for the purposes disclosed to the consumer at the time the information was provided by the consumer, or otherwise agreed with the consumer. Financial institutions should therefore be required to have policies and procedures in place to protect the consumers’ privacy and data and their Board should be held accountable for the effective implementation of such policies. 2.2.1 Key findings 14. The legal, regulatory, and institutional framework for data protection in Ghana has recently been changed to align with international best practices. In 21 2012 the Data Protection Act7 was passed to improve the legal framework and allow for measures to guarantee the protection of consumer data. The Act created the Data Protection Commission (DPC), responsible for regulating the storing and processing of personal information and the process for obtaining, disclosing, and sharing of personal data with third parties. The DPC has subsequently been established and is preparing regulations establishing requirements on processes and procedures that data controllers need to have in place to guarantee the safekeeping of customers’ information. 15. Adoption of the Data Protection Act and the establishment of DPC are welcome developments, but the provisions of the Act have yet to be operationalized and implemented. The DPC is currently working on completing the registration of all relevant entities (i.e. public and private institutions handling personal data) so as to ensure that they have processes and procedures in place to guarantee that personal data is protected. At present the DPC has limited capacity to enforce the registration requirement that is a prerequisite for supervision of data controllers. For instance, many financial institutions have not yet registered with the DPC, but the DPC has not been able to take any action to enforce the law. 16. The use of alternative data in the financial sector, albeit still incipient, is not adequately addressed in the current legal framework. While the use of big data and other alternative data (either personal data or other) is only emerging, it may likely grow in the coming years. For instance, there is at least one provider of data analytics for the purposes of analyzing a potential borrower’s creditworthiness. The current legal framework does not specifically address this type of innovation and there might be a need for additional future regulation. 2.2.2 Recommendations 17. The BoG, NIC, and the National Health Insurance Authority (NHIA), should coordinate closely with DPC to enforce registration with the DPC of all financial services providers, including credit bureaus and insurance intermediaries, in line with the Data Protection Act. In this regard it is suggested that BoG, NIC, and NHIA follow up with any unregistered institution under their regulatory remit to facilitate compliance with the Data Protection Act. Subsequently, as DPC builds its capacity, further coordination may be required to ensure that data controller requirements are implemented in practice. In this regard, it may be worthwhile considering a Memorandum of Understanding between DPC and the BoG/NIC/NHIA to formalize this collaboration. 18. DPC, in coordination with the financial sector regulators, should evaluate whether there is need for additional regulations and measures with regard to the use of alternative information, such as big data. The use of such alternative data can raise several issues in privacy and this topic should be carefully analyzed by DPC, in coordination with the financial sector regulators, with the aim to protecting consumer while not stifling innovations that could benefit financial inclusion. 7 Data Protection Act, 2012. 22 2.3 Dispute Resolution in the Financial Sector 19. Effective consumer redress through internal dispute resolution (IDR) and external dispute resolution (EDR) mechanisms is an essential element of an effective FCP framework. Complaint data obtained through EDR mechanisms, and through mandatory reporting of IDR data by financial service providers, contribute to effective supervision and market conduct monitoring. Once IDR systems mature under appropriate regulatory guidance and oversight, and with the positive tension provided by EDR schemes, most financial consumer complaints will likely be successfully resolved through internal complaint handling processes of financial service providers. Effective engagement of financial service providers with complainants is also key to ensuring that complaints that remain unresolved subsequent to IDR processes are escalated to an appropriate EDR scheme. EDR schemes may drive improvements in market conduct and serve to reinforce effective IDR. It is therefore important to address both IDR and EDR together as interrelated elements of an effective end-to-end dispute resolution mechanism for complaints within the regulatory framework for FCP. 20. Given that most complaints will be for relatively small amounts, the courts are not a viable and accessible option for the vast majority of financial consumer complaints in Ghana. The cost of legal representation and the time and technical complexity of the court process makes the courts inaccessible or ineffective for most financial consumer complaints. An accessible option to legal action to resolve low-value financial sector complaints is therefore an important component of the FCP framework in Ghana. 2.3.1 Key findings (For internal dispute resolution see sector-specific sections.) 21. Currently the BoG, the NIC, and the NHIA have external dispute resolution (EDR) mandates but they lack clarity and specificity. Within the BoG, the complaint handling team is comprised of staff of the MCU which does not have sufficient capacity due to limited resources and technical skill. Also, as there is no staff dedicated solely to EDR function, it is currently being performed by staff that may be otherwise tasked with market conduct supervision. While the B&L Act gives the power to BoG to solve disputes between borrowers and lenders, this is limited to credit products and its overall mandate lacks clarity.8 Within the NIC, complaints are received by the Commissioner of Insurance and passed to the NIC’s legal team for resolution. For the legal team, such referrals of unresolved complaints are additional to their normal role. Article 106 of the Health Insurance Act, calls for the establishment of an Adjudication Committee with powers to deal with complaints that are not resolved by Private Health Insurance Schemes (PHIS). The Adjudication Committee has yet to be established and is to consist of a chairperson who is a judge, and representatives from each of a number of groups such as the Medical and Dental Council, and the NHIA. The Committee may hear and determine complaints made by a member of the scheme, or a healthcare provider, or referred to it by the NHIA Board 8 Borrowers and Lenders Act, Art. 6. 23 which is also responsible of ensuring that members of the healthcare schemes and healthcare providers are informed about the Committee and its functions. In all cases, the details of the EDR schemes and the key operational elements are not sufficiently set out and aligned with international good practice. 22. At present neither BoG nor NIC EDR mechanisms have the ability to compel financial service providers to pay compensation to consumers where warranted. In practice, however, NIC and BoG staff report being able to resolve complaints with financial service providers through mediation, the use of moral suasion, and the threat of taking unresolved complaints into account when making unrelated decisions such as sanctions or withholding regulatory approvals. This use of unrelated decisions as leverage to resolve complaints, while potentially effective in certain cases in the absence of binding authority, could potentially leave the regulator vulnerable to judicial review and is unlikely to be equally effective with all financial service providers of various sizes and types. 23. BoG and NIC prudential mandates could also come into conflict with an EDR mandate in cases of redress for large-scale systemic problems that arise through individual or multiple financial consumer complaints. Managing this potential conflict is particularly important when the EDR function is located within a regulator and especially when located within an existing department that already has regulatory (as in the case of the MCU at BoG) or cross-functional responsibilities (as in the case of the NIC where the legal team handles complaints). 24. Further, BoG and NIC concern for the reputation of the industry limits the public disclosure of complaint issues already evident in the Ghanaian marketplace. This lack of transparency on financial consumer complaints limits public awareness of the ability to seek redress and of the main problems faced by financial consumers. It also reduces political pressure to change existing market conduct that is already giving rise to complaints. Finally, it reduces financial service providers’ and industry’s overall perceived risk of public reputation exposure from the perpetuation or introduction of products and services and market practices that could give rise to consumer complaints. Lack of transparency also limits the ability of consumer groups and other interested stakeholders to utilize complaint-related information for the purpose of public education and advocacy. 25. BoG and NIC lack the resources to effectively handle the intake, mediation, investigation, analysis, and stakeholder outreach functions typical of an effective EDR scheme as well as the attendant administrative load . The current funding model is to handle complaints out of the regulatory staff funded out of Ghana’s public revenue base. This function is subject to possible wide swings in year- over-year volumes (>200% annual increases in complaint volumes were common in many jurisdictions during the aftermath of the 2008-2009 financial crisis). 26. Both regulators lack the systems capability to effectively handle the recording, work flow management, and reporting requirements of an EDR scheme. Current case file handling by both the BoG and NIC was reported by staff as manual and paper-based. This makes the conduct of analysis and reporting more difficult, less effective, and less efficient given the limited resources available to the teams responsible for this process. 24 27. Most financial services providers are not making their customers aware of the ability to raise a complaint with the provider and the options available to do so. Without an effective requirement for providers to communicate the existence of an IDR process, consumers are left to abandon their complaint, settle it for an unfairly low amount of compensation, or progress it through various informal means with the financial services provider in the hope of obtaining fair redress. 28. There is therefore also a lack of a “sealed system” to ensure that all financial consumers with complaints are made aware of their option to seek redress through available IDR and EDR pathways. In the absence of a clear regulatory requirement (with the exception of life insurance) to inform consumers of the ability and how to make a complaint to the financial services provider, many potential complaints will not be appropriately handled. Furthermore, in the absence of a clear regulatory requirement to inform consumers of the ability and how to escalate an unresolved complaint to available EDR may lead to consumers abandoning complaints that are not successfully resolved through the IDR without the benefit of an appeal to the regulator. 29. Current IDR activities and proposed initiatives, if any, vary across the financial sector and are therefore addressed under the banking/NBFI, payments, and insurance sections of this report. 2.3.2 Recommendations 30. In the medium term, once their complaint handling mandates are clarified and their supervisory capacity is enhanced, the BoG and NIC should each establish complaints handling units and develop and implement consistent EDR (mandatory, binding and enforceable) schemes to resolve financial consumer complaints in the banking, NBFI, payments, and insurance sectors. NHIA should operationalize its Adjudication Committee in harmony with existing approaches of BoG and NIC. The regulators should develop and implement EDR schemes consistent with the Good Practices and informed by the collective experience of the extensive network of dispute resolution practitioners around the world. The International Network of Financial Services Ombudsman Schemes (INFO Network)9 may be a good source of additional information on this topic. 31. In the meantime, a limited number of staff, not to impair supervisory needs, within the BoG and NIC should be specialized and dedicated to the EDR function. Complaint handling is different operationally from most regulatory functions and requires a different staff skillset and mindset. Training specific to the function is important to establish consistency and credibility of the function with consumers and industry. 9 The INFO Network has developed a seven-part guide to effective approaches to fundamental principles to which INFO Network member schemes aspire, available at http://www.networkfso.org/assets/info-network_effective- approaches-to-fundamental-principles_september2014.pdf. The INFO network comprises approximately 60 financial sector Ombudsman schemes and is active in developing good practices and effective approaches to challenges faced by financial sector EDR schemes worldwide. The INFO Network meets annually to promote professional development and networking across its members. 25 32. Gradually, in the medium term, both the BoG and NIC should implement scale-appropriate systems to facilitate workflow management and to improve ease of analysis and reporting on complaints handled as well as analysis of complaint reports provided by financial service providers. Even relatively simple application of information technology can have a significant impact on the ability to manage significant case file volumes and enable basic analysis and reporting. 33. Both the BoG and NIC should embark on programs of capacity building in the area of EDR international good practices as well as staff training and development in the areas of inquiry and case file handling, investigation, and mediation/adjudication. The nature of complaint handling will have staff interacting extensively with the public and other stakeholders. The demonstrated capacity and skills will be critical to maintaining the reputation of the regulator and the complaint handling unit. Hence, once the capacity building efforts on the supervisory side are completed and adequate regulations are in place, both BoG and NIC should undertake capacity building programs to effectively perform their EDR functions. 34. Both the BoG and NIC should establish internal information flow pathways to ensure that market conduct intelligence acquired by the teams carrying out the EDR function is shared with the relevant supervision and enforcement teams. EDR schemes are often seen as early warning systems for regulators, both for FCP and prudential purposes. Individual financial consumer complaints can serve as valuable early warnings of systemic issues or can indicate areas where market conduct regulation or guidance to financial service providers is warranted. 35. In the longer term, both the BoG and NIC to explore the possibility of gradually securing some or all of the required financial resources from industry for external dispute resolution schemes through some combination of levies and/or case fees to either supplement or replace their own funding of the cost of that function. The appropriate transition point for considering this approach is once the IDR regulations have been made operational and once the respective EDR functions are operationalized. Given the expressed desire of public bodies to support the financial viability of the emerging financial sector, such an industry-supported funding model may not be politically viable at this time. It should be considered, however, for the future to incorporate some form of direct industry funding to avoid the moral hazard of financial service providers (collectively and individually) not having to internalize the cost of complaint handling at the EDR stage. Regulators need to be vigilant to ensure that the providers’ referral behavior is not undermined by the imposition of a case fee funding model or a levy whose amount is sensitive to historical complaint volumes. 36. In the long run, financial sector regulators could explore opportunities for establishment of a unified dispute resolution mechanism for the entire financial sector (e.g. such as specialized financial ombudsman). While there is a clear consumer protection benefit from each of the regulators (BoG, NIC, NHIA) adopting the immediate recommendations regarding IDR and EDR, the current fragmented environment for introduction or refinement of IDR and EDR suggests a need to consider a long-term plan to move toward a single, consistent approach to IDR and EDR across the regulated sub-sectors of the Ghanaian financial services industry. Short-term and intermediate decisions regarding the introduction or refinement of 26 IDR and EDR within each sub-sector would ideally be made in a coordinated fashion with a view to such a long-term sector-wide vision. The value of a unified approach is consistency across the financial sector, lower overall cost, and development of a concentrated capacity (resources and expertise) in complaint handling, complaint intelligence gathering and analysis, and complaint process management. Bank and Nonbank Deposit and Credit Products and Services 2.4 Legal, Regulatory and Supervisory Framework 2.4.1 Key findings 2.4.1.1 Institutional, legal and regulatory framework 37. BoG is the licensing, regulatory and supervisory body for banks and nonbanks providing deposit and credit services, as well as credit information systems, and it has a broad regulatory and supervisory mandate. The BoG has jurisdiction over banks and a range of NBFIs. According to the BoG Act, 2002, the objectives of BoG include promoting effective and efficient operation of banking and credit systems in the country. Pursuant to this Act, BoG has to perform several functions, including to regulate, supervise, and direct the banking and credit system; ensure the smooth operation of the financial sector; and license, regulate and promote and supervise NBFIs. The functions with regard to banks are expanded in the Banking Act, 2004, which states that BoG shall have an overall supervisory and regulatory authority in all matters relating to banking business and shall be responsible for promoting and effective banking system; dealing with any unlawful or improper practices of banks; and considering and proposing reforms relating to banking business.10 38. BoG’s FCP mandate could be inferred by the current laws, but it is not explicit. According to the legal interpretation by the BoG of the Banking Act and the NBFI Act, BoG has a clear and broad regulatory and supervisory mandate, and its FCP powers cannot be questioned. In addition to the aforementioned broad mandate and functions, the NBFI Act, 2008, empowers BoG to revoke a license if a NBFI conducts business in a manner detrimental to the interests of depositors or customers, and limit a license with the purpose of protecting depositors or potential depositors.11 Moreover, both the Banking Act and NBFI Act have provisions in the area of safety of deposits, assurance of returns of savings, and confidentiality of client data (see more details in the sections below). Finally, BoG is also the regulator and supervisor of credit information systems and responsible for protecting the interests of credit information subjects, according to the Credit Reporting Act, 2007.12 10 BoG also covers other institutions under the Banking Act 2004: savings and loans companies, finance houses, and deposit-taking microfinance institutions. See, Banking Act 2002, Art. 4. 11 See Non-Bank Financial Institutions Act 2008, Art. 2 as well as Notice No. Bg/Gov/Sec/2011/04 Operating Rules and Guidelines for Microfinance Institutions. 12 The Credit Reporting Act, 2007 covers credit bureaus, data providers, credit information recipients and their agents. 27 39. Pending reforms will ensure clarity of FCP only with regard to banks, while the FCP mandate with respect to NBFI will continue to be non-specific. A pending reform of the Banking Act, the BSDTI Bill, among other measures makes BoG’s mandate for FCP explicit, by including it in the list BoG’s powers and functions. No such reform is planned with respect to NBFIs but such measure would be beneficial to ensure that BoG’s future regulatory and supervisory actions in consumer protection of the NBFI sector are not questioned. 40. NBFIs must be licensed and meet certain minimum requirements. In January 2011, a team for the supervision of the microfinance sector was established within the Banking Supervision Department (BSD) and has subsequently transformed into the current NBFI Supervision Department (NSD). In July 2011 the BoG issued operating rules and guidelines for microfinance operations which categorized providers into Tiers (see Box 2), defined permissible activities, and stipulated minimum paid-up capital and other licensing requirements that should align the regulation of this sector to international good practices. Nevertheless, the MFI sector – in particular deposit taking microfinance institutions – has been experiencing a number of challenges in practice. 41. The remaining legal gap was closed in late 2015, when credit unions were brought under BoG’s remit. Credit unions were outside BoG’s legal jurisdiction until late 2015. Although they have previously been covered by BoG under the NBFI Act, they were later excluded through a BoG Notice issued in 2011 that left them to be regulated by a specialized Legislative Instrument (LI). The LI has been finally passed in late 2015, formally bringing credit unions under the BoG and envisaging creation of the Credit Unions Supervisory Agency (CUSA), in whose Board BoG will participate. This will allow BoG to deal with FCP issues in the credit union sector. In practice, however, credit unions are currently still outside BoG’s regulatory and supervisory scope, since the LI has not yet been implemented and CUSA has not yet been created. Box 2: Categorization of Microfinance Institutions Tier 1: Deposit-taking MFIs licensed and supervised by BoG: Rural and Community Banks and Savings and Loans. Tier 2: Deposit-taking MFIs: Microfinance Companies; supervised directly by BoG; Credit Unions: currently self-regulated by Ghana Cooperative Credit Unions Association and to be regulated separately under a new Legislative Instrument that envisages supervision through an independent Board under BoG. Tier 3: Non-Deposit-taking MFIs: Incorporated Money Lenders and Financial non- government organization. These are MFIs that do not mobilize deposits from the public (though in practice take client funds as collateral for loans, or offering interest on “investment” in the case of money lenders); in principle supervised by BoG; in practice, associations are being asked to take the lead in monitoring and reporting on their subsectors. Tier 4: Others, specifically, individual Susu Collectors (who only take daily savings) and Money Lenders (who only make loans). These are not allowed to intermediate funds and are not supervised directly by BoG, but are expected to join and report to their respective industry associations. 42. The legislation which explicitly provides for FCP measures is the B&L Act, but it only covers credit services. The B&L Act applies to all types of lenders 28 and guarantors and includes a section dedicated to borrowers’ rights, disclosure and fair treatment.13 Amongst other, the Act makes BoG responsible for: a) promoting and supporting the development of a fair, transparent, competitive, and accessible credit market; b) receiving complaints; c) monitoring credit markets to detect and prevent prohibited conduct; d) promoting public awareness; and e) reporting to the Ministry14 the volume and cost of different types of credit products, market practices and their implications for borrower choice and competition.15 Although this legislation is useful to cover many aspects of consumer protection in credit services, it is not sufficient, particularly as it does not cover other types of services, such as savings, and overall business practices of banks and NBFIs. 43. The current regulatory framework is insufficient to cover most FCP issues in line with international good practices. There is virtually no regulatory framework in place for financial consumer protection, except for two draft regulations which are supposed to be issued in 2016 (they have been under preparation for a couple of years). These are the Disclosure and Transparency Rules for Credit Products and Services (Draft Transparency Regulation), to be issued under the B&L Act, and the Recourse Mechanisms for Financial Service Providers (Draft Recourse Regulation), to be issued under the Banking Act. The content of these draft regulations are discussed in the following sections, under specific FCP topics. It is important to note that although the Draft Recourse Regulation would be issued under the Banking Act, it also covers NBFIs, based on BoG’s broad regulatory mandate over NBFIs. After passing these two regulations and building its capacity and structure to start enforcing them, BoG will need to issue a range of additional regulations to cover issues such as disclosure, sales practices, fair treatment, and business conduct in deposit services. It is likely that it will also need to issue specific regulations with regard to data privacy and security, to deal with the incipient but slowly growing use of electronic channels by banks and NBFIs (digital finance is currently more pervasive in the payments sector, see section 3). 44. Ghana Association of Microfinance Institutions Network (GHAMFIN)16 and the Ghana Association of Bankers (GAB)17 have developed voluntary codes of conduct, but they do not have a formal self-regulation mandate or enforcement powers. 18 While the Banking Code of Conduct covers all the key principles of financial consumer protection, and even provide detailed guidance (e.g., on changes in terms and conditions), its application by banks seems to be uneven and GAB has no enforcement mandate, even though it may receive consumer complaints 13 See Borrowers and Lenders Act 2008, Art. 1. 14 Presumably Ministry of Finance, though the law is not specific in this regard. 15 See Borrowers and Lenders Act, Art. 6. 16 GHAMFIN is the umbrella institution for the microfinance sector, with various sub-sector associations represented on GHAMFIN’s Board. Its functions include advocacy for microfinance sector as its umbrella body, data collection, monitoring and benchmarking; good practice dissemination; consumer education; studies, compiling aggregate data on all subsectors; implementation and monitoring of national Code of Conduct, etc. 17 GAB is the National Organization of Banks in Ghana with functions including advocacy, research, analysis, and dissemination of information relevant to banking sector, promoting good practice in the banking industry (i.e. via Code of Conduct), as well as processing customer complaints. 18 The diagnostic team did not manage to meet the Ghana Association of Microfinance Companies (GHAMC), which unites companies providing microfinance under Tier 2 category established by the BoG and offer deposit and credit services. 29 with regards to violations of the Code. Similarly, the GHAMFIN Code, while less detailed than the Banking Code of Conduct and focused on transparency, provides for some key consumer protection standards. The other associations covering the NBFI sector and the Association of Rural Banks (ARB) – which functions as mini “central bank” of rural banks – do not have codes of conduct. 2.4.1.2 Supervisory framework 45. BoG has established a dedicated market conduct unit; however, MCU function is still nascent and requires further strengthening. The MCU is a cross- sector unit, covering all banks and NBFIs regulated by BoG, and also intended to cover payment service providers. In practice, however, its operations and the bulk of staff time are primarily dedicated to complaints handling. While dispute resolution is important element of financial consumer protection its effectiveness is largely dependent on proper regulation and enforcement of market conduct rules. Currently, the MCU’s regulatory activity is limited and FCP supervision is not done. In addition, MCU is not actively involved in other related supervisory activities such as licensing of new institutions or during inspections carried out by other departments. 46. There is lack of clarity on the roles, powers and functions of different BoG departments related to FCP supervision. Although the MCU was created (as part of the FSD) through a deliberation of BoG’s Board,19 there is no formal mandate that describes its powers (including enforcement powers), scope, functions and activities. Likewise, there is no formal coordination and collaboration mechanism between MCU, BSD and NSD, aiming at minimizing overlaps, sharing of key information, and exploiting synergies. Some aspects of consumer protection supervision, such as whether fees and charges are posted in branches of banks and NBFIs, and some aspects of the B&L Act, may be and often are checked by the BSD and the NSD during the course of their routine inspections, 20 but there is no systematic treatment of the topic that results in a comprehensive assessment of existing and forward-looking risks to consumers and their impact on the risk profile of individual institutions. 47. As only a unit within FSD, MCU is not fully independent or at the same hierarchical level as BSD and NSD, which could limit its effectiveness in the future. This status could limit its ability to secure resources, defend its supervisory and enforcement actions (particularly in case of conflicting views across departments) and fully develop an adequate regulatory and supervisory framework. 48. There is no comprehensive and systematic collection and use of data for consumer protection supervision and there is virtually no dissemination of supervisory information to the wider public. Effective supervision must make use of several data sources to inform institution-focused and cross-sector assessments and analyses. Also, despite having a database of consumer complaints that are received by MCU, BoG does not transform this information into analytical reports for ongoing 19 According to information provided by BoG. The diagnostic team did not have access to the minutes containing the Board decision. 20 The Payments Unit (PU) within the Banking Department (BD) is not cited as it is yet not conducting supervision of retail payment service providers, and therefore does not cover FCP issues. 30 supervisory and regulatory purposes, and its use by BSD and NSD is not consistent due to the lack of supervisory policy guidance in the area. 49. BoG has broad enforcement powers, which may cover FCP, but additional improvements are needed. BoG can intervene in the affairs of a financial institution if it contravenes the Acts mentioned previously, any related regulation, Notices, or Circulars issued by BoG. It may impose remedial actions such as requiring the implementation of orders or directives (enforceable undertaking), issue a cease and desist order to stop an “unacceptable practice”, and impose fines. The current legal and regulatory framework or the draft regulations do not include specific enforcement measures that are typically adopted by FCP supervisors, such as requesting withdrawal or modification of consumer contracts and marketing/sales materials, withdrawal of products, reimburse of charges and fees to consumers, or the power to apply fines due to misconduct related to, for instance, unfair treatment of consumers, and ineffective handling of consumer complaints at the financial institution level. The B&L Act does allow BoG to apply administrative sanctions in case of contravention of the Act.21 However, it only covers credit and is not being enforced to its full extent (e.g., with respect to fairness, transparency, and competition). 50. With the passing of the LI, credit unions will now be licensed by BoG and supervised by CUSA (once it is set up). Under the new legal framework passed in late 2015, credit unions must register with the Registrar of Cooperative Societies22 and licensed by BoG. 23 BoG is the supervisory authority, but CUSA – on whose Board BoG will participate – will have the power and the mandate to issue regulations, and conduct inspection and supervision “subject to the powers and functions of BoG”.24 It seems that the LI is intended to create a framework in which BoG could delegate some regulatory and supervisory functions to CUSA, but it is not clear how this would work in practice. For instance, it is not clear what types of regulations would be issued by BoG or by CUSA or what types of specific supervisory activities and powers would actually be delegated to CUSA. This confusion is reinforced by a provision stating that CUSA could delegate its ordinary supervisory functions to the Ghana Coo-operative Credit Union Association (CUA).25 The LI does not specifically empower the BoG to issue and enforce consumer protection rules for credit unions, although it is understood that it would be able to cover this topic through regulations. 51. Existing industry associations play a limited role in regulation and supervision of FCP. The CUA conducts audits and limited inspections on credit unions, but has so far not incorporated consumer protection aspects in its supervision and it does not issue specific rules on FCP issues. Likewise, the ARB, and the Ghana Co-operative Susu Collectors Association for example do not systematically look into 21 The Borrowers and Lenders Act, 2008, gives BoG power to apply fines, which would include: (i) instituting proceedings in case of contravention of the Act; (ii) conducting investigation to ensure compliance with the Act; and (iii) issuing and enforce compliance orders. 22 Cooperative Societies Act 1968, Art. 2. 23 Legislative Instrument 2225, 2015, Art. 6. 24 Legislative Instrument 2225, 2015, Art. 5 (2). 25 Legislative Instrument 2225, 2015, Art. 8 (1) (d). 31 FCP issues when auditing their members (they do not conduct ongoing supervision, only annual audits). This is the case even with respect to the B&L Act, which applies to all types of lenders operating in Ghana and should be followed by the members of these associations. The focus of the industry associations is financial audits, advocacy and training. Moreover, none of them seem to have or be able to exercise enforcement powers, such as powers to apply fines and require withdrawal of membership. 2.4.2 Recommendations 52. Design and gradually implement a strategy for FCP regulation and supervision. BoG should give priority to issue the pending regulations and building its supervisory capacity so that future regulatory reforms can be effectively enforced by BoG’s MCU and other departments. In tandem with the issuing of the pending draft regulations, which are a good start for the MCU’s initial supervisory work, BoG should develop a pragmatic and clear strategy for FCP regulation and supervision that makes the most of the upcoming regulations and the existing supervisory capacity inside BoG. The points below address a gradual approach to supervision, while the following item addresses the needed legal and regulatory reforms. a. The strategy should delineate the supervisory approach (e.g., risk-based and shift from the focus on handling complaints), the key consumer risks to be prioritized in the next few years, the expected outcomes of supervision, the tools (e.g., market monitoring, institution-based assessments, and thematic reviews) and techniques to be deployed, the categorization (and underlying criteria) of institutions. The strategy should also explain how BoG will develop specialized supervisory guidance, build staff expertise, and improve data collection and knowledge management. b. The strategy should clarify the mandates, powers and activities of different BoG departments/units with respect to consumer protection supervision. The creation of specialized and dedicated expertise in financial consumer protection, separate from prudential supervision and payment systems oversight, is aligned with international good practices and current trend. The formalization of such mandates and powers (including the listing of specific enforcement powers26) within the MCU, and with the complementary role to be played by the BSD, NSD, and NPSO will help build the credibility of BoG’s consumer protection supervision over time. c. The process of implementation of the strategy should not delay the oversight of FCP in the interim period. While the MCU gradually develops its capacity and internal structure, securing qualified human resources, it is recommended to ensure that that consumer protection issues are addressed in the meantime. This means taking advantage of existing expertise in BSD, NSD and NPSO, by focusing on a specific sector (e.g., NBFIs or banks), and conducting joint inspections. Gradually, MCU will be able to implement a 26A consumer protection supervisor must have power to adopt a wide range of civil/administrative enforcement actions, such as private and public reprimands, sanctions (suspension or withdrawal of products, model contracts, or advertising materials, fines, suspension of a regulated activity, suspension or dismissal of management, etc.); power to require compensation or refunds to consumers, and powers to refer a case to the public prosecutor. 32 comprehensive, specialized and independent supervisory approach as envisioned in the strategy. d. Likewise, MCU could start improving dissemination of some key information about FCP in the supervised markets, and gradually broaden the scope of dissemination in line with international good practices. Some of the examples of key information include statistics about consumer complaints, and BoG’s powers and supervisory approach with respect to FCP. Other information could include reports with results of sector-wide reviews of FCP issues. As its credibility is built internally and externally, MCU should seek support to elevate its hierarchical status and become a department. e. BoG should issue regulations (or similar instruments) clarifying the new institutional arrangement for regulation and supervision of credit unions. Credit unions are major providers of financial services to low-income communities, so it is paramount that the institutional arrangement for regulation and supervision is clearly defined and effective. 53. The strategy should foresee a pragmatic schedule for the design and issuance of needed legal and regulatory reforms to align Ghana with international good practices (specific content related needs in the draft and future regulations are dealt with in the next sections): a) BoG should issue the pending draft regulations as soon as possible. The draft regulations create a basic – albeit incomplete – framework on the basis of which BoG can start its FCP supervisory approach. To signal to the market BoG’s commitment to FCP, these regulations need to be put in place as soon as possible. b) BoG should push for the passing of the BSDTI Bill, as it is a major step to strengthen BoG’s FCP mandate by making it explicit. c) BoG should initiate a reform of the NBFI Act, similar to the reform of the BSDTI Act, to make its FCP mandate explicit. This is to ensure that BoG has clear powers to regulate, supervise and enforce consumer protection rules in the NBFI sector. d) BoG should issue regulations to set comprehensive minimum standards for FCP in credit and non-credit products as well (at least deposit and payment services – see section 3). It is important to highlight that good practices require similar requirements for similar products, irrespective of the types of providers offering the services, which gives rooms to overarching regulations dealing with diverse types of institutions. The FCP issues that need to be dealt with through regulation are:  Disclosure and sales practices: i. format and manner of disclosure; ii. advertising and sales materials; iii. sales practices and conflicts of interests; iv. product suitability; v. disclosure of terms and conditions; 33 vi. key facts statements; vii. guarantors and third party mortgagers; viii. requirements for statements; and ix. notifications on changes in rates, terms and conditions.  Fair treatment and business conduct: i. unfair terms and conditions; ii. unfair practices; iii. customer mobility and cooling-off periods; iv. compliance and professional competence; v. agents; vi. compensation; vii. fraud and misuse of customer assets; viii. debt collection.  Data privacy and protection: i. confidentiality and security of customers’ information; and ii. sharing of customer information. 2.5 Disclosure and Sales Practices 2.5.1 Key findings 2.5.1.1 Disclosure 54. There is no overarching law or regulation for effective disclosure of credit and deposit services. The B&L Act has a few requirements for credit products but does not provide a comprehensive set of disclosure requirements, although it is currently being revised to this end. 27 The B&L Act requires that information is provided to potential borrowers in a durable medium, though not necessarily paper- based, and key product features (e.g., principal amount, all costs, and interest rate) need to be disclosed before the contract is signed. There are no format and manner rules (e.g., font size, length and language of documents, oral disclosure, etc.). Good practices require that minimum common requirements on format and manner are set for all types of disclosures made by financial service providers, including in consumer agreements, sales materials and advertisements, statements, and Key Fact Statements (KFS). Outside the credit market, such as deposit services, there are no regulatory requirements on disclosure and marketing and sales materials and practices. 55. Application of the rules in the B&L Act is not consistent and disclosure practices vary across different institutions. Although the B&L Act provides for a pre-agreement form,28 it is unclear at which stage the KFS should be disclosed (e.g., if it should be handed to consumers only right before the contract is signed or at the inquiry stage). In practice, the Act does not seem to be implemented or enforced. In 27 The Borrowers and Lenders Bill was not shared with the diagnostic team. 28 Borrowers and Lenders Act, 2008, Art.18 and Schedule. 34 fact, the lack of standardization of basic price information makes it quite difficult to compare the cost of loans across different types of lenders. Specifically, some lenders apply annual interest rates while others use monthly rates. Similarly, some lenders require a security deposit or credit life insurance, while others do not have such requirements. All these elements impact the total cost of the loan for consumers. The use of KFS is not common but most providers use some type of pre-agreement price disclosure or quotation that could potentially be used for price comparison. However, as there are several types of additional fees and charges (including the credit life insurance premium), which vary across providers, it is not always clear whether the informed and advertised rates are all-inclusive or comparable. 56. Draft regulation for credit markets has been prepared and its formal adoption and enforcement would be a major step forward with respect to disclosure. The Draft Transparency Regulation would impose a standard KFS (“Pre- Agreement Truth in Lending Disclosure Statement”), 29 a standard Amortization Schedule and a standard calculation of the EIR. It also establishes principles that should be observed in all communications and documents of lenders to consumers, such as clear, comprehensive and accurate information, disclosure of all costs and clear and simple language. It requires disclosure of terms and conditions and consumer rights to be done in a manner that suits a particular client, including when the client is illiterate. 57. Adoption of this regulation would also further develop rules for marketing and advertising of loans. The B&L Act has general rules for marketing and advertising materials, which are further developed in the Draft Transparency Regulation. According to the B&L Act, providers must disclose, in marketing and advertising materials, the nature of their business, their annual interest rate and other costs of credit, and whether deposit or security is required.30 The Draft Transparency Regulation reinforces this requirement, explicitly prohibiting misleading statements and making providers legally liable for all statements made in advertising, marketing and sales materials. 58. It is common, particularly across the microfinance institutions, to require a guarantor, but disclosures to guarantors and related verifications are not always made. There are no regulations requiring disclosures and verifications to be done to guarantors, such as confirming whether the guarantor is aware of the consequences of guaranteeing a loan and whether he/she has financial capacity to cover the debt in case the borrower defaults. Particularly in the microfinance sector (e.g., credit unions and rural banks), where loans are offered within smaller communities, a single guarantor may be guaranteeing several loans, and may have a significant portion of their assets compromised. The Draft Transparency Regulation addresses this issue. 59. Currently there are no rules, either in regulations or laws, on the format and manner of disclosure of contractual terms and conditions in consumer 29 The proposed Pre-Agreement Statement is to be valid for 5 days, to allow the potential borrower time to shop around, and time to think about the operation. It combines disclosure of the effective interest rate, the total cost of the loan, the amount to be paid per installment, and the total number of installments. 30 Borrowers and Lenders Act, 2008, Art. 19. 35 agreements and other materials. The current framework does not include an explicit requirement for terms and conditions to be disclosed in a consumer agreement and there is no specific requirement for providers to hand an agreement to consumers (except in the Draft Transparency Regulation, with respect to credit). It is common for banks and NBFIs not to give signed agreements to consumers, including for savings and checking accounts. Also, not all consumer agreements for deposit accounts are easy to understand, and not all inform the costs of transactions that can be performed with the account. Additionally, not all providers make price information easily available to consumers, such as through their websites or through conspicuous posting in their branches. When contracts are handed to consumers, they do not necessarily have price information. Disclosure practices seem to be slightly better in foreign- owned banks than in domestic banks and NBFIs. 60. There are no provisions on periodic statements and the general practice is to provide consumers with only the bare minimum, once or twice per year, or upon the consumer’s request for an extra charge. Not all providers of savings and checking accounts, or loans, offer a periodic statement to consumers. The frequency and content also varies, in cases where a statement is provided. The Draft Transparency Regulation requires a monthly loan statement with minimum information, at the borrower’s request, in paper or electronic form. However, if providers do not clearly communicate to consumers that they can request a periodic statement, this provision may have limited practical results. 2.5.1.2 Sales practices 61. There are no regulations prohibiting mis-selling and aggressive sales. Currently the regulations do not deal with these issues, but the Draft Transparency Regulation does, albeit in a limited manner, by prohibiting lenders from exerting undue pressure on consumers at any stage of the product cycle, including coercing them into purchase of a particular product or service, or accepting particular terms and conditions. There are reports of aggressive sales in Ghana, both for loans and deposit products, particularly in the microfinance sector. 62. The Draft Transparency Regulation introduces the concept of suitability for credit products. Currently there is no requirement for providers to ensure suitability of the products offered to their clients, although some financial institutions claim to look at the suitability of the product they are offering. Some practices in the microfinance sector may result in inadequate products, particularly loans, to consumers who may end up looking for another loan in another institution to pay off the first loan (e.g., standardized loan sizes and rates with automatic granting of larger loans). According to the Draft Transparency Regulation, lenders will need to take into consideration the suitability of the loan to the consumer’s needs and capacity. 2.5.2 Recommendations 63. Specific disclosure (including on format and manner of all types of disclosure and sales materials) and sales practices requirements should be extended to products other than just loans, particularly for savings and checking accounts. Such requirements can help create better-informed consumers who are able to compare prices and make better decisions, which could encourage competition. The Draft Transparency Regulation does not cover deposit services, despite the 36 burgeoning market for savings that exists in Ghana. There are multiple types of providers offering different savings instruments, from Susu collectors to banks, and no consumer protection regulation or supervision is covering such services. The requirements need to be issued in line with best international practices, for instance, with regard to disclosure of terms and conditions, contractual clauses, dissemination of transaction fees and other charges, periodic account statements (some items may be standardized by regulation), etc. It is particularly important that depositors have easy, affordable and frequent access to their account balances. 64. BoG needs to accelerate the adoption of the Draft Transparency Regulation and start monitoring its implementation. The Draft Transparency Regulation is a highly welcome development and should be adopted as soon as possible to ensure borrowers have a minimum level of protection. The regulation introduces important requirements based on key principles, but the challenges in enforcing its implementation should not be understated. As recommended in Section 2.4.2 above, BoG will need to create a specialized supervisory approach for consumer issues, and train its staff accordingly. Certain key issues should be given priority when implementing the upcoming regulation, namely: a. Ensure effective implementation of the pre-agreement statement (Key Fact Statement), including the timing when it is provided and how it is explained to consumers by sales or other staff or agents, as well as the placing of the statement on the front page of the signed consumer agreement. b. Ensure that the lenders have included all costs in the disclosed EIR and cost of loan. c. Ensure lenders provide a written (paper or electronic) loan contract to the borrower. d. Ensure the principle of suitability is implemented in practice through an adequate evaluation of the borrower’s needs and payment capacity, particularly when the new loan increases the borrower’s level of indebtedness. e. Ensure adequate periodic statements with all the necessary and clear, understandable disclosures are provided timely (and not only when consumers request them) and in a convenient manner and free of charge. 65. As credit cards slowly become more commonly used, complementary regulations need to be issued to require standards for disclosure. The credit card market is very incipient, but expected to grow. Given the potential for abuse in this market, shown by the experience in other countries, it will be crucial to issue complementary requirements for credit card disclosure, sales materials, and credit card statements, to require a few standardized disclosures in line with international good practices so as to ensure growth of this market segment in a responsible way. 2.6 Fair Treatment and Business Conduct 2.6.1 Key findings 66. There are no specific regulations dealing with unfair terms and conditions, with a few exceptions for credit products. Currently, no regulation or 37 self-regulation explicitly prohibits unfair terms and conditions or abusive contractual clauses, except for some provisions in the B&L Act. The Act prohibits discrimination in credit contracts,31 and guarantees the borrower’s right to repay at any time of the contract life.32 Neither BoG nor industry associations look into consumer contracts to identify unfair or abusive clauses in a systematic manner or as part of ongoing supervision. The Draft Transparency Regulation prohibits providers to exclude or restrict consumers’ rights through contractual clauses or other communication, and also requires 20-day notice to the consumer before effecting a change in the terms and conditions of the loan. These are welcome measures. 67. The B&L Act sets out that recovery of the loan should be done in a fair manner,33 but abusive loan collection practices are common in Ghana. The Act requires the lender to respect the borrower’s privacy and peace when collecting loans. However, abusive loan collection practices seem to be common, in particular within the microfinance sector, and this may also be happening sporadically in the banking sector, particularly when third party loan collection companies are deployed. 68. There are no regulations dealing with customer mobility, except for a provision on cooling-off period in the Draft Transparency Regulation. The draft regulation states that the lender must give the borrower a period of 10 working days immediately following the signing of the contract, during which time the borrower can cancel the contract, by written notice to the lender and without any penalty, unless the loan funds have already been accessed. The lender may charge a fee (it is not clear what the maximum amount could be relative to the principal amount of the loan), except if the lender has failed to comply with disclosure or other rules in the regulation. There are no regulations to facilitate consumer mobility with respect to savings and checking accounts. 69. It is common for lenders to require credit life insurance, but usually the borrower is not given a choice of insurer or type of policy or coverage. In practice borrowers are not allowed any choice in most cases. Many times, particularly in the microfinance sector, borrowers are not even aware that they are acquiring insurance and what it would cover. Usually a written insurance policy is not handed to the consumer in such cases. Also, providers usually do not check whether the consumer already has an insurance policy that would cover debts in case of borrower’s death. To partially remedy some of this deficiencies, the Draft Transparency Regulation states that if additional products and services are sold in conjunction with, or included within, a credit agreement, the lender must clearly and separately communicate their individual costs to the consumer. It also requires that borrowers are given a choice of provider. 70. There are no standards for how providers deal with errors and fraud, such as unauthorized access to deposit accounts. While unauthorized access to deposit accounts, or erroneous charging of fees to accounts are common problems affecting consumers in Ghana, there are no regulations or guidance by the supervisor 31 Borrowers and Lenders Act 2008, Art.14. 32 Borrowers and Lenders Act 2008, Art. 20. 33 Borrowers and Lenders Act 2008, Art. 31-35. 38 on how providers should deal with such situations. The Draft Transparency Regulation requires lenders to efficiently and fairly correct any error in any charge or price levied to or quoted to a consumer, in which case a new credit agreement and pre-agreement statement must be created. Currently this is not addressed in practice. 71. Current regulation and supervision do not adequately address issues of qualification and financial incentives and compensation of staff and agents. The B&L and the Draft Transparency Regulation require lenders to minimize conflicts of interest and to train their staff. In particular, the Draft Transparency Regulation requires lenders to ensure professional competence and proper supervision of their staff, including some staff that does not deal directly with consumers (e.g., those preparing advertising materials). It also makes a specific link between inducements and conflicts of interests. The NBFI Act imposes requirements and limits for the appointment and training of management and staff, demanding segregation of duties and internal controls to ensure compliance with regulations and internal policies.34 Industry practices vary significantly, from training and qualification measures being barely existent to having internal policies in place (mainly for international firms) guarantying that staff is appropriately trained and providing incentives to take into consideration consumer protection related issues (i.e., compensation based not only on sales volume but also on qualitative indicators). 72. With respect to agents, there are provisions that guard the rights of consumers, although outsourced sales are not adequately addressed. In general, the regulatory framework (including the Draft Transparency Regulation) is not sufficiently clear as to the application of requirements when third parties, such as sales promoters, are used to sell products. There is a provision in the Draft Transparency Regulation that prohibits lenders to restrict any liability or duty, so this may be used for enforcement in the cases where agents are deployed. With respect to transactions, account opening and loan applications at agent locations, the framework is clearer. The Agent Guidelines35, which apply to all deposit taking institutions and e-money issuers, establishes that the provider is legally liable for the acts of its agents, a liability that remains even when third party agent network managers are used. It also requires minimum agent due diligence, minimum contractual clauses for agency agreements. The Guidelines allow agents to market credit, savings, investment and insurance products, provided that consumer protection legislation and regulation are strictly adhered to.36 2.6.2 Recommendations 73. Specific regulatory requirements should be introduced to curb unfair practices and set minimum business conduct standards for all types of financial services providers regulated by BoG, in addition to lenders. In the medium term, BoG should work on issuing regulatory provisions to prohibit unfair, exploitative, unbalanced or abusive terms and conditions, and to make such terms and conditions void by default if used. Examples of abusive clauses and terms and conditions should 34 Non-Bank Financial Institutions Act 2008, Art. 23. 35 Bank of Ghana, Agent Guidelines, 2015. 36 Bank of Ghana, Agent Guidelines, 2015, Art. 8. 39 be included in the regulation. The criteria for establishing which clauses could be deemed abusive and the procedures for BoG to determine how contractual clauses would be analyzed and determined as abusive (or similar) should also be established. The BoG should refrain from requiring prior approval of consumer contracts and instead define a mechanism by which providers register their model consumer contracts with the MCU, which in turn will have the prerogative to analyze (during the course of its market conduct supervision), disseminate, and require changes to such contracts, and sanction providers making use of abusive terms and conditions.37 74. The BoG should begin assessing the current business practices in all regulated markets and determine whether they are fair and adequate. Assessing fairness of business practices and adequacy or suitability of products offered to consumers is a challenging job for supervisors. For this reason, the MCU could gradually incorporate this topic into its future supervisory process, starting with analysis of observed market practices (e.g., cross-sector thematic reviews and analyses of complaints data reported by financial institutions) and evolve into the assessment of how providers put in practice the concept of treating customers fairly. A well-structured supervisory strategy, as recommended in 2.4.2, will be key to this end. 75. In the longer run, as its consumer protection supervision evolves, BoG supervisors should seek to have a broader understanding of corporate incentives (e.g., financial and other) for staff and senior management that could result in inadequate behavior or conflicts of interest, particularly for sales staff and agents. This could be accompanied by regulations explicitly requiring banks and NBFIs to implement a corporate culture of treating customers fairly, which would not only cover practices and conduct, but also product management and compensation. 2.7 Privacy and Data Protection 2.7.1 Key findings 76. There are some provisions on data protection which apply specifically to banks and NBFIs. For instance, lenders should not disclose information obtained from a borrower unless the information is required under the Credit Reporting Act, 2007 or under any other law or by a court.38 Similarly, the Banking Act provides for basic protection of the privacy of bank consumers’ information, prohibiting directors, officers, or any other employee of a bank from disclosing information relating to the affairs of a customer with that bank. 39 Exceptions to this clause include instances where the disclosure of the information is required by law, by a court of competent jurisdiction, or by the BoG or when disclosure is authorized by the customer or is in the interests of that bank. A similar provision is present in the NBFI Act. 37 For instance, the Mexican financial consumer protection agency, Condusef, has established a system to receive all consumer agreements utilized by financial service providers, and publicize in its website the clauses found to be abusive, with indication of the respective provider and the sanction applied (if any). 38 Borrowers and Lenders Act, 2008, Art.17. 39 Banking Act, Art. 23. 40 77. The Banking Act requires the secrecy of customer information. It provides that a director, an officer or any other employee of a bank shall not disclose information relating to the affairs of a customer with that bank except where the disclosure of the information is required by law, or by a court of competent jurisdiction, or the BoG, or is authorized by the customer, or is in the interests of that bank40 78. NBFIs have similar requirements to the one imposed to banks, as the NBFI Act imposes a duty of confidentiality. According to this Act, a NBFI and its staff shall ensure that transactions are conducted in strict confidence and that the confidentiality of customers is maintained.41 2.7.2 Recommendation 79. BoG should cooperate with the DPC to ensure that at least the legal provisions applicable to banks and NBFI are applied. For more details see section 2.2.2. 2.8 Dispute Resolution Mechanisms 2.8.1 Key findings 80. While the B&L specifically states the BoG can receive complaints from consumers about violation of the Act, no measures are included on IDR. This results in IDR practices being highly variable and range from mature to non- existent and the relevant regulatory requirements are either not present or under development. The B&L Act specifically states that BoG can receive complaints about alleged violations of the provisions of the Act42 but there are no specific requirement for internal, institution level, redress mechanisms. Some Ghanaian subsidiaries or branches of large international and regional providers report having mature internal complaint handling mechanisms that are broadly consistent with international good practices. These reflect the regulatory expectations in the United Kingdom and the EU regarding complaints handling which apply to the group head offices of some Ghanaian subsidiaries. Such good practices include a dedicated unit responsible for complaints handling, clear internal complaint escalation procedures, root cause analysis of complaints, adequate information systems, and reporting of complaint statistics and themes to senior management and group head office. Most other firms in the banking and NBFI sectors reported having rudimentary or non-existent IDR. With regards to regulatory requirements, they are either under development, as the BoG has yet to adopt the regulation on IDR, or are too high-level and do not incorporate the elements of international good practice with respect to standards for IDR operation and procedures. 81. Moreover, even when an IDR scheme is present, most financial service providers are not making their customers aware of the ability to raise a complaint and how to do it. Without an effective requirement for financial service 41 Non-Bank Financial Institutions Act 2008, Art. 41. 42 Borrowers and Lenders Act, 2008, Art. 6 (b). 41 providers to communicate the existence of an IDR process, consumers may not present complaints, abandon their complaint, settle it for an unfairly low amount of compensation, or progress it through informal means with the provider (e.g., through an acquaintance who works for the provider) in the hope of obtaining fair redress. 82. At the industry association level, the Code Compliance Committee established by the GBA claims to play a self-regulatory function to protect the banking sector from disrepute. The Committee would reportedly adjudicate a complaint involving a breach of the voluntary Banking Code of Conduct. According to the GBA, while the decisions are non-binding, redress where deemed warranted by the Committee is incented through peer pressure as collective interest of banks would be the maintenance of the industry’s reputation and perceived avoidance of regulatory measures to control market conduct. The existence of such self-regulatory complaint handling initiatives from industry associations can be helpful to securing consumer redress but they should not substitute or delay the regulatory expectations for each provider maintain an effective IDR. They should also not substitute an effective EDR system in line with international practice (see 2.3 for more detail on EDR). Customers should not be referred to these types of bodies by financial service providers (in this case the Code of Compliance Committee) without being fully apprised of their ability to escalate the complaint to the relevant EDR scheme (in this case, BoG). 83. There is no need to discourage these types of industry association efforts to establish and promote industry practice and/or provide dispute resolution in conjunction with or on behalf of their member financial service providers. Provided consumers are made aware of the ability to escalate any unresolved complaints to the appropriate EDR scheme, voluntary dispute resolution bodies established by industry associations can help attenuate the volume of complaints facing the EDR scheme and can help financial service providers internalize good complaint handling practice through voluntary engagement and peer pressure. 84. The Bank of Ghana has drafted a comprehensive regulation covering internal dispute resolution (IDR) entitled Recourse Mechanisms for Financial Service Providers dated September 2015. The draft regulation applies to all banking and non-banking institutions regulated by the Bank of Ghana. 85. The draft regulation establishes clear expectations that financial service providers will establish internal complaint handling procedures supported by board of directors oversight, senior management accountability, and internal staff training. The draft regulation is backed by Bank of Ghana authority to monitor all internal dispute resolution mechanisms and sanction and fine financial service providers for non-compliance. Financial service providers have specific reporting obligations to the Bank of Ghana which will both facilitate regulatory oversight of internal dispute resolution processes and help to identify potential mass complaint or systemic issues. 86. The draft regulation sets out the steps required of financial service providers to ensure consumer awareness and accessibility of the internal recourse mechanism. It also sets out the basic complaints mechanism expected of financial service providers. Finally, it sets out the obligation to make consumers aware of the ability to appeal decisions of the financial service provider to the Bank of Ghana and how to do so. The draft regulation is largely consistent with international 42 good practice and will establish an effective benchmark for bank and non-bank internal complaint handling. It is therefore recommend the draft regulation be adopted and implemented at the earliest opportunity. 87. Given the value of providing banks and non-banks with clear guidance at the earliest opportunity on internal complaint handling, none of the following suggested enhancements to the draft regulation warrant delaying the implementation of the current draft. For future enhancements to the regulation, the following should be considered to provide greater clarity:  Paragraph 3 – Interpretation: Clarify whether application of regulation to agents in an e-money situation should be broadened to include mortgage and loan brokers and others who receive referral fees from regulated financial service providers.  Paragraph 8 – Provision of adequate information: Provide further guidance as to what constitutes adequate information on the recourse mechanism and greater clarity on when the information should be provided to the consumer. It is helpful to ensure that the first point of contact of a consumer raising an issue is able to provide the consumer with an easy-to-follow yet comprehensive guide to the complaint handling and resolution process of the financial service provider.  Paragraph 15 – Third party agents: Similar comment to Section 3, clarify whether regulation applies to mortgage and loan brokers and others who receive referral fees from regulated financial service providers whether or not they fit the legal definition of “agents”.  Paragraph 18 – Establishment of written procedures: Unclear whether, when insufficient policies and procedures are encountered, Bank of Ghana will modify the policies and procedures, or propose to the financial service provider modifications and improvements as needed. One is clearly intended to be mandatory while the other looks like a non-binding recommendation or suggestion. Clarification of this point would facilitate subsequent compliance reviews by the regulator.  Paragraph 20 – Right to complaint at branch or the Bank of Ghana: If the consumer presents their complaint directly to the Bank of Ghana, it should be clarified if the complaint will be referred back to the financial service provider to enable a first-level handling per paragraph 17 or if the Bank of Ghana will proceed with a level 2 review itself despite the lack of a prior level one review by the financial service provider. If the process is to refer back to the financial service provider, this should be clarified to enable the Bank of Ghana to do so in the face of consumer desire to avoid the financial service provider and engage immediately with the Bank of Ghana.  Paragraph 24 – Translation of verbal complaints: It should be clarified if the financial services providers will be required to reply to complaints in a manner and local language that the complainant can understand if not English- speaking. 43  Paragraph 26 – Confidentiality: It should be clarified who is required to maintain confidentiality, the financial service provider alone or both parties. If only the financial service provider, situations can arise where the consumer makes unsubstantiated allegations about the firm or the complaint handling process that cannot be responded to by the financial service provider because of the confidentiality restriction. It is preferable to have both parties respect the confidentiality of the complaint handling process and, if unsuccessful, allow the consumer to then pursue other means of redress such as the courts.  Paragraph 28 – requirement for extended resolution period: It would be helpful to clarify in the last sentence that the financial service provider is permitted ten (10) additional working days to render decision or refer the complaint (sic) to Bank of Ghana.  Paragraph 42 – Reporting information required: It would be helpful to set out in a separate paragraph following paragraph 42 the required information for the annual summary report to the Bank of Ghana referenced in paragraph 45(5).  Paragraph 44 – Board of Directors responsibilities: In order to appropriately distinguish between the role of the board of directors (in this paragraph) and that of senior management (referenced in paragraph 45), it would be helpful to specify that the board of directors shall be responsible for the oversight of the complaints handling and dispute resolution within their institutions.  Paragraph 47 – Right not to accept complaint: In some jurisdictions this provision would be modified to accommodate situations where the consumer had no reasonable way of knowing that there was a basis for a complaint. For such situations, one possible option is to include a provision that the consumer is required to bring forward their complaint to the financial service provider within two years of when the consumer knew or ought to have known about the act or omission that gave rise to their complaint.  Paragraph 48 – Decision of the court: It should be clarified whether requiring a consumer to withdraw their court action might result in a denial of subsequent legal right to reinitiate their court action should the first two levels of complaint handling set out in paragraph 17 prove unsuccessful. If this is a risk, an alternative is to require the consumer to suspend their court action if this is permitted under Ghanaian law. 44 2.8.2 Recommendations 88. The BoG should finalize and issue the draft Recourse Mechanisms for Financial Service Providers and at a subsequent stage begin oversight of IDR schemes and enforcement of requirements. IDR processes and complaint handling procedures, satisfactory handling of individual complaints, and analysis and reporting of complaint-related statistics and themes should be reviewed as part of the supervisory and enforcement functions of the MCU, or should be incorporated in the inspections performed by the BSD and NSD (with MCU participation) while MCU builds its own supervisory capacity. 3 Payments 3.1 Legal, Regulatory and Supervisory Framework 3.1.1 Key findings 3.1.1.1 Legal and regulatory framework 89. The BoG has the statutory responsibility to promote a sound financial system through prudential supervision of financial institutions and the oversight of payment systems. The statutory oversight responsibilities are stipulated in the BoG Act 2002 which empowers the BoG to “promote, regulate and supervise payment and settlement systems”. 43 The BoG’s mandate for payment systems oversight is further strengthened in the Payment Systems Act (PSA), which authorizes the BoG to establish, operate as well as designate payment systems for its supervision, in the interest of the public.44 90. The Bills of Exchange Act 1961, governs the operations of bills of exchange45 including cheques, as defined in the Act. The Act is outdated, having been passed in the 1960’s and requiring the physical movement of cheques from the collecting bank to the paying bank as part of the clearing process. The requirement of physical presentment is usually associated with manual processes, costly clearing processes and long clearing cycles which ultimately delay the availability of customers’ funds. In this regard the BoG has in collaboration with the banking industry introduced electronic clearing and truncation of cheques in order to curb these inefficiencies. The Act makes no reference to specific issues of consumer protection. 91. The NBFI Act provides for the regulation of NBFIs, including those providing payment services. All NBFIs providing stipulated services, including money transfer services are required to obtain a license from the BoG. The 43 Bank of Ghana Act 2002, Art. 4. 44 The Payment Systems Act, 2003, Art. 1. 45 The Bills of Exchange Act defines a bill of exchange as an unconditional order in writing, addressed by one person to another, signed by the person giving it requiring the person to whom it is addressed to pay on demand, or at a fixed or determinable future time, a certain sum in money to or to the order of a specified person, or to bearer. 45 qualification criteria, procedures for application, licensing, and revoking procedures are all stipulated in the NBFI Act.46 92. The Electronic Transactions Act gives legal certainty and confidence in electronic transactions, which are important for consumer protection. The Act provides solid foundations for the development of electronic products and services in response to customer needs. The Act contains, inter alia, provisions for digital signatures, admissibility of electronic evidence in courts and the retention of electronic records for a minimum period of 6 years. 93. The legal foundation for payments systems in Ghana is generally sound with explicit provisions for the BoG’s involvement in payment systems and statutory provisions addressing issues relating to consumer protection. Part II of the PSA specifically deals with customer information and participants’ obligations with respect to a transaction. This covers, among others, provisions relating to transparency, information pre and post execution of the transaction, delays, rights and obligations relating to availability of the funds transferred and refund in the event of non-execution. 94. Using the mandate drawn from the various statutes, the BoG has issued rules, guidelines,47 directives, and other instruments to regulate the operations of the various payment streams. While the overall regulatory framework lightly touches upon FCP, the BoG Guidelines for E-money Issuers in Ghana (E-money Guidelines) has a dedicated section on FCP. Section 26 of the E-money Guidelines, for example, specifically deals with consumer protection issues, requiring all e-money issuers to respect basic consumer principles such as fairness, transparency, disclosure, complaints handling, among others. These requirements are also reinforced in the Agent Guidelines that bind both financial institutions and e-money issuers. However, these guidelines cover e-money issuers and do not apply to other types of payment service providers. The Agent Guidelines keep providers responsible for complying with consumer protection provisions set in other regulations. 95. The BoG has delegated authority to run retail payments infrastructure for both banks and NBFIs to its wholly owned subsidiary The Ghana Interbank Payment and Settlement Systems (GhIPSS) Limited. GhIPPS administers the Ghana Bankers Clearing House Rules which are designed to facilitate the speedy processing of cheques, direct debits and credits and other payment instruments cleared through the automated clearing house (ACH). All banks including the Bank of Ghana are members of the ACH run by GhIPPS and hence are bound by these rules in their own capacity or as agents of other entities that are not direct participants in the ACH. The Rules mandate the establishment of a Bankers Clearing House Association comprising of a representative from each member bank; this Association acts as an advisory body to the GhIPPS. The Rules do not deal with issues of 46 Non-Banking Financial Institution Act Art. 3, 4, 5 and 7. 47 These include the Cheque Code line Clearing Guidelines, the ACH Direct Debits and Direct Credits Guidelines; Ghana Bankers Clearing House Rules; GH Link Operational Guidelines; Guidelines for E-money Issuers; Agent Guidelines. 46 consumer protection but focus more on operational and compliance issues for participating institutions with appropriate sanctions for noncompliance. 96. The Guidelines and Operational Procedures for Cheque Codeline Clearing with Truncation (CCC) provide for the electronic clearance of cheques supported by truncation and use of cheque images instead of physical cheques. The Guidelines deal more with operational and procedural issues with no explicit provisions for dispute resolution and consumer protection issues. The only aspect that has a bearing on consumer protection is the section that mandates banks to post debits/credits to their customers’ accounts on the value date. The direct debits and credits are regulated by the ACH Guidelines and Procedures for Direct Credits and Direct Debits as defined in Subsection 1.3 of these Guidelines. The latter while defining responsibilities and rights of the participants and the scope of applicability lack explicit provisions for consumer protection and dispute resolution mechanism. 97. The national switch Gh-link also has its Operational Guidelines that act as rules and procedures dealing with roles and responsibilities, interchange fees, cash withdrawal fees, inter alia. The rules and processes to guide dealings with the switch and between members as well as provide consistency for the integrity of the system. Ultimately, the goal is to protect participants in the system against each other and ensure adherence to agreed standard practices. 98. The Guidelines for the operation of ATM and point of sale platforms do not cover mobile network operators (MNOs) and other non-bank service providers. In the absence of explicit pronouncement indicating that these would also be binding on any service providers venturing into this space, a possible regulatory gap exists and this could affect customers participating in schemes offered by non- bank service providers using these devices. 99. Not all payment services providers are required to be licensed or authorized by the BoG. While e-money issuers need to be authorized by BoG and the authorization can be withdrawn by BoG at any time,48 most retail payment service providers are currently not regulated nor subject to oversight by the BoG. Hence, payment service providers such as aggregators and payment platforms are not subject to licensing or authorization requirements, despite holding valuable payments information on customers which needs to be governed by specific data protection provisions. They are also usually responsible for technical features in service provision that may impact the reliability, safety and quality of services rendered to consumers. 3.1.1.2 Supervisory framework 100. The PSA has no explicit provisions for the oversight of payment services and providers in general. While the National Payment Systems Oversight Framework (NPS Oversight Framework) stipulates the oversight scope of the BoG as covering systemically important payment systems, securities settlement systems, 48 Bank of Ghana, Guidelines for E-money Issuers in Ghana, Art. 6. 47 providers of critical services,49 the BoG is yet to fully carry out the oversight activities in line with international good practices and principles. For this reason, there appears to be no enforcement of some of the customer related provisions outlined in the E- Money Guidelines and the PSA. 101. Additionally, the payments system oversight function is limited both in terms of resources and technical expertise, and by the current organizational structure within the BoG. The setting up of a National Payment System Office (NPSO), which is housed in the Banking Department, is a positive development. However, it needs to be complemented by the recognition of the payment systems oversight function at the right level within the organizational structure, supported by adequate staffing resources in both numbers and skills. In fact, at present the NPSO does not enjoy an adequate level of independence nor the same hierarchical level of other supervision departments, like BSD or NSD. There is also a risk of potential conflicts of interests between the Banking Department’s dual role as an operator and overseer of the NPS. 3.1.2 Recommendations 102. In the short term, as a high priority, the BoG should review the legal and regulatory framework governing payments, and strengthen the BoG’s mandate for oversight of payment services and FCP. In the review of the legal and regulatory framework BoG should be given a clear mandate for oversight of payment systems, services, and instruments. This review process would help identify gaps and inconsistencies that may need to be addressed, such as the fact that only certain products and providers are currently regulated, including from a FCP perspective, while others are not. This reform should also codify and expand the current rules on FCP to go beyond transparency and address fair treatment, redress, and security of systems and customers’ information, in accordance with the Data Protection Act. 103. In the short to medium term, BoG should also take into consideration whether deposit insurance (once the Deposit Insurance bill is passed) should also apply to e-money products. Although it is a new phenomenon, in some countries e- money issuers are required to put in place mechanisms to protect customers’ funds, in addition to the requirement to separate customer funds from the issuer’s own operational accounts (e.g., through trust accounts). For example, the regime for pass through deposit insurance in Nigeria establishes that the “pool” collected by e-money issuers must be placed in one or more custodial accounts with an insured and prudentially regulated depository institution (i.e. a bank) and protection is provided to individual consumers indirectly through the custodial account provider which is a member of the deposit insurance system. 104. In the medium term, the BoG should provide for standalone status of the payment system oversight function and incorporate explicit provisions in the PSA in order to strengthen the BoG’s mandate in this area. Dynamic developments in the area of retail payments call for continuous undivided attention by 49 These could be network service providers, security printers, payment instruments including cheques, electronic cards, mobile money transfers and ACH direct credit and debits. 48 central banks and adequate resources in order to effectively respond to the regulatory and supervisory challenges. The NPSO should become an independent department with hierarchical level similar to the BSD’s, and be given clear responsibilities in relation to other departments within BoG (e.g., with respect to the role the MCU in FCP) and external stakeholders. 105. The BoG should embark on capacity building of payment system oversight function by strengthening NPSO as proper supervision is an important aspect of FCP. In regards to market conduct supervision of payments, it should commence with capacity building of MCU. Strengthening of NPSO is a prerequisite for maintaining a strong oversight function within BoG, given that rapid developments in the payments business often create a knowledge gap between the payments overseer and the industry. As the MCU unit builds its capacity in relation to market conduct supervision, it could establish a cooperative arrangement with NPSO and consider joint onsite supervisory visits as part of the training process before assuming this role on its own as part of broader and independent market conduct supervision. 106. In the short term the cooperation framework should be strengthened, both internally within the BoG and externally with other regulators and the industry. The NPSO should strengthen its cooperation with other BoG units, in particular with the MCU, and with other regulatory authorities, such as the telecommunications regulator, on the basis of standards set by the Committee on Payments and Market Infrastructure (CPMI). In fact, for having an explicit objective of maintaining trust and confidence in money, payment overseers usually take an interest in some FCP issues. Where they do not have the full mandate in FCP, they should collaborate and co-operate with the relevant authorities, in particular in relation to MNOs. The approaches to achieve collaboration and co-ordination across authorities include creating a National Payment Council (NPC), establishing MoUs between authorities and including FCP as part of existing co-ordination mechanisms like inter-regulator councils. Intra-organization collaboration and co-ordination could be achieved through designated committees/standing groups. 107. In the same spirit of cooperation, the BoG should also aim at establishing a NPC to facilitate dialogue with all relevant stakeholders in the payments systems modernization process. The NPC acts as the forum for dialogue between the central bank and NPS stakeholders on payment system strategic and policy issues, including relevant consumer protection ones. Successful cooperation between the BoG, which also include the MCU for consumer protection issues, and the stakeholders is essential to promoting and facilitating the development of the NPS and guaranteeing that customers are treated fairly. 3.2 Disclosure and Sales Practices 3.2.1 Key findings 108. Overall, provisions on disclosure and sales practices are scattered and scarce; when existent, they are often not applied or enforced. While there are some provisions on disclosure, these are neither systematic nor comprehensive and do not apply across all payment service providers. Format and manner of disclosure is not regulated, although this is particularly important in relation to e-money products, 49 which are often only accessed through mobile phones and target low-income customers. 109. Advertisement in relation to payment services and products is only lightly regulated. The E-Money Guidelines provide some basic principles on what the minimum content should be for advertising and sales materials: these materials need to follow the basic principles of transparency and honesty and provide contact details of the relevant e-money issuer. The rules only apply to e-money issuers and no definition or examples of what transparency and honesty mean are provided. 110. The PSA establishes basic rules on transparency governing pre- contractual disclosure, including indication on the minimum content. Even though the PSA establishes that there should be overall transparency50 and consumers should be given pre-transactional information,51 this does not seem to be the practice in Ghana. Not only clearer requirements have not been put in place by BoG but also information is not provided to consumers, which may also be due to the fact that the PSA only mentions that this information should be provided upon request. Similarly, while the PSA establishes rules on the minimum content of the information that should be given to consumers, it does not provide a standard format nor it requires this information to be given in a durable medium. 111. The E-Money Guidelines establish basic transparency requirements but these do not appear to be implemented in practice and are not enforced. By regulation, e-money issuers are obliged to disclose sufficient information in a timely manner on the fundamental benefits, risks and terms of the product. 52 Similarly, although not clear at which stage of the relationship this information should be provided, e-money issuers should provide product material indicating key information (a detailed list is included in the E-money Guidelines). 53 This requirement is not implemented in practice by the majority of e-money issuers. 112. Similarly, no written agreements are handed to e-money customers, despite this being an explicit requirement contained in the E-Money Guidelines. The guidelines require e-money issuers to enter into a written agreement with every e- money account holder for whom they open an e-money account and provide it to consumers in a durable medium54. Despite this explicit requirement, probably due to the lack of supervision, this provision does not seem to be applied. 113. Although there is no clear requirement for payment service providers to issue users account statements, there is a general requirement to produce transactions receipts. In fact both the PSA and the E-money Guidelines require payment service providers to give information subsequent to the execution of a transfer. While the PSA indicates basic details which need to be included in the receipt, 55 the E-money Guidelines, in the context of technology and security 50 Payment Systems Act, 2003, Art. 6. 51 Payment Systems Act, 2003, Art. 7. 52 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 26.2. 53 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 27.2 (a)-(e). 54 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 27.2 (a)-(e). 55 Payment Systems Act, 2003, Art. 8. 50 requirements, impose an obligation on e-money issuers to notify customers of all transactions on their accounts either via electronic notification or a physical receipt.56 114. Transparency in the remittance market appears adequate, although some money transfer operators (MTOs) apply less favorable rates to customers . This is particularly the case with the larger international MTOs that do not use official BoG exchange rates. The cost of sending/receiving money normally comprises various elements including commission paid by the sender and receiver, margin charged by remittance service providers on the exchange applied, taxes etc. Good practices in this field require transparency and adequate protection for consumers in the provision of remittance services. While there is general disclosure of fees and commissions applicable to remittance services the exchange rate applied to transactions in the conversion process is not always known, particularly in the case of non-bank remittance service providers. 3.2.2 Recommendations 115. In the short term the BoG should lay down requirements, by issuing a notice or a guideline on transparency, for payment service providers to have in place clear pre-contractual disclosure materials and procedures. This requirement should apply to all payment service providers indistinctly and should be such that the information is disclosed to the customers mandatorily and in the right manner, format and time. Once this requirement is in place, the MCU should coordinate with the NPSO to ensure it is implemented by providers, and take enforcement actions in case of non-compliance. 116. Similarly, in addition to introducing basic disclosure requirements, the BoG should also impose an obligation on payment service providers to provide consumers with a copy of the terms and conditions. Given the specificity and uniqueness of payment services and products, this requirement should vary based on the specific service offered. For payment service provided on a regular basis, such as e-wallets, the information provided should resemble standard terms and conditions;57 if a store value product (e.g., e-money) is provided additional information should be included (e.g. whether there is interest payment, whether the product is covered by deposit insurance, etc.). For one-off transactions, like a money transfer service, the 56 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 8. 57 For example, it should include: Identification of the PSP, at minimum by its full name and address, where applicable also by its identification number and contact details; Key service features (including risks) and terms and conditions of the agreement; How and when the terms and conditions may be altered unilaterally by the PSP, and how and when the consumer will be warned about the upcoming change; All costs, fees and charges (including fees and charges by third parties, particularly if related to the use of a payment instrument) that flow or may flow from the agreement and when they can be applied, and how they are calculated; Key rights and responsibilities of the consumer, including any obligation to pay applicable taxes on income generated by the agreement; Monetary penalties and any other remedies the PSP may seek to impose in the event of a breach of the agreement by the consumer, including default; How disputes with the PSP can be solved, with contact and process information about internal and external dispute resolution mechanisms available; The summary of procedures in the event of a suspicious, unauthorized and mistaken transaction, fraud, system malfunctions, lost or stolen payment instruments and/or authentication information, including contact information, relevant fees and charges and the parties’ liability in such cases; and any transaction restrictions (e.g. limits on the value of daily transactions) and balance limits. 51 basic information (e.g., fees and charges, limits on the amount, timeframe, etc.) should be provided. 117. In the medium to long term, BoG should consider putting in place a standardized disclosure form for basic payment services and products. In certain countries, including in the European Union, it is common practice that in the pre- contractual stage payment service providers need to give to consumers a “fee information document” on paper or another durable medium containing the standardized terms in the final list of the most representative services linked to a payment account. This document should be, among other, short, clear, comparable across providers and easy to understand. 118. All remittance service providers, banks and non-banks, should be mandated to comply with the same disclosure requirements including the exchange rate applied for both inward and outward remittances. The banks in Ghana are the authorized entities for dealing in outward remittances and are mandated to use the exchange rate that is published on a daily basis. However, there is no similar explicit requirement for remittance service providers (non-banks) handling inward remittances; hence the exchange rate applied to transactions is not always disclosed to customers. 3.3 Fair Treatment and Business Conduct 3.3.1 Key findings 119. The legal framework contains provisions for the fair treatment of consumers. Part II of the PSA specifically deals with customer information and participants’ obligations with respect to a transaction. Although not in detail, the PSA lays down basic requirements for business practices. It imposes basic standards for payment service providers to follow to avoid abusive practices such as imposing on consumers unnecessary delays.58 Similarly, the PSA obliges providers to make funds available within the agreed time or within the standard limit applicable to the system.59 120. Although there are no specific provisions on mistaken transactions, the PSA imposes certain requirements on refund in the event of non-execution. In case of non-execution, payment service providers are obliged to refund the money to the originator and to pay an interest calculated by applying the 91-day Treasury bill discount rate.60 However, if the transaction is not executed because of a mistake by the originator then he/she is not entitled to the interest rate.61 In practice, e-money issuers do not commit to refunding the originator in case funds are transferred to the wrong person/number (a very common error by e-money users in Ghana), although they might attend to consumers who report the problem before the funds have already been withdrawn by the receiver of the funds. 58 Payment Systems Act, 2003, Art. 10. 59 Payment Systems Act, 2003, Art. 11. 60 Payment Systems Act, 2003, Art. 16.1-3. 61 Payment Systems Act, 2003, Art. 16.4 52 121. The E-money Guidelines further specify additional requirements for e- money issuers on responsible conduct and professional competence. In general terms the e-money issuers are required to ensure that their staff and authorized agents behave responsibly towards consumers. 62 For what concerns the management, the licensing requirements include fit and proper standards for individuals proposed to manage or control the e-money issuer, such as qualifications to perform their functions.63 122. In relation to agents, e-money issuers are required to keep a registry of all their agents. E-money issuers are required to provide a list with the name and location of all customer service points and all agents. They must also allocate a unique ID number to each agent, and display it at the agent point. They are also required to send a short message service (SMS), or any other effective means of information, to customers of agents that are to close down. These rules are generally in line with international best practice and largely applied in practice. In addition, they are complemented by similar requirements of the Agent Guidelines, which are applicable to all deposit-taking institutions providing transactional services at agent locations and e-money issuers. 123. Provisions for the protection of customer funds relating to e-money issuance and transactions are in place and reportedly applied by e-money issuers. For instance, e-money issuers are required to keep 100 percent of the e- money float in liquid assets with need to remain unencumbered.64 Following the same principle and to avoid agent frauds, e-money issuers are required to reconcile liquid assets (daily by 4 PM) held in the pooled account(s) with the total amount owed to their customers, agents, and merchants. 65 Moreover, the e-money float cannot be commingled with other funds and shall be held in one or more banks in Ghana. 66 BoG is not yet conducting routine supervision to check how effectively these requirements are met in practice. 124. Finally, although there are provisions allowing the transfer of interests paid on the float to customers, there are some issues relating to its application. Similarly to countries such as Tanzania and Kenya, BoG has allowed for the interests paid on the float accounts to be transferred to e-money customers. The E-Money Guidelines include specific rules on the payment of such interest.67 However, there are currently disputes between banks and e-money issuers which require further investigation to ensure the smooth implementation of the regulatory provision that would benefit customers. 3.3.2 Recommendations 125. Specific regulatory requirements should be introduced to curb unfair practices and set minimum business conduct standards for all types of providers 62 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 26.5. 63 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 7.4 (g). 64 Bank of Ghana, Guidelines for E-money issues in Ghana, Art.16.1. 65 Bank of Ghana, Guidelines for E-money issues in Ghana, Art.16.3. 66 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 17. 67 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 10. 53 regulated by BoG, in addition to what is already in place for e-money issuers. In the medium term, BoG, in particular the NPSO and the MCU, should work on issuing regulatory provisions to prohibit unfair, exploitative, unbalanced or abusive terms and conditions, and make such terms and conditions void by default if used. Examples of abusive clauses and terms and conditions should be included in the regulation. The criteria for establishing which clauses could be deemed abusive and the procedures for BoG to determine how contractual clauses will be analyzed and determined abusive (or similar) should also be established. 126. The BoG should begin assessing the current market practices and take enforcement actions when regulations are not respected. Given that e-money issuers are obliged to act fairly the BoG should assess whether the current practices are fair and reasonable. The BoG should also ensure compliance with the requirements which are already in place, such as maximum transfer times, the obligation to make funds available upon transfer, and the obligation to refund customers in the event of non-execution. 3.4 Data Privacy and Protection and Operational Reliability 3.4.1 Key findings 127. In the legal and regulatory framework there are requirements for payment services providers to have secure and reliable systems. In fact, e-money issuers not only must have prudent management and internal controls68 but are also required to ensure high-quality performance (99.5% service availability) of the system.69 128. Debit and credit cards are issued to customers on the basis of terms and conditions that absolve banks from liability for any loss or damage arising from misuse of such cards. With the advent of cybercrime and the prevalence of card fraud a review of this situation is necessary in order to enhance customer protection in this area. This is particularly important given the tendency to move to more electronic and other non-cash based means of payment under the overall financial inclusion agenda. 129. For Data Privacy and Protection see section 2.2. 3.4.2 Recommendations 130. BoG and the DPC should work together to ensure that payment services providers adopt measures to ensure the protection of customers’ information (for more details see section 2.2). This is particularly important in relation to retail payments, given the pervasiveness of retail payments transactions in the daily lives of all adults. Also, as they are characterized by large volumes, they form a rich source of information which needs to be protected against misuse. A payment transaction in addition to the data on the underlying transaction, also has information on the location of the transaction, as well as the time of the day. 68 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 9. 69 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 27.1. 54 131. The BoG, in the medium term, should issue a regulation requiring customer authentication and set minimum rules for providers to avoid and deal with mistaken and unauthorized transactions. In line with international best practice: a. All payment transactions need to be authorized in the manner agreed between a consumer and a payment service provider. The authorization method should be based on an authentication process that uses unique identifiers known to (Personal Identification Number – PIN), possessed by (a token) or associated with (biometric data) the consumer. b. A consumer’s liability for losses from unauthorized transactions should be limited to a maximum amount specified by law, except for the instances of fraud and gross negligence. A payment service provider should be required to provide evidence that the conditions for the consumer’s liability have been met. c. A payment service provider should be required to provide necessary assistance to consumers to recover mistakenly transferred funds. 3.5 Dispute Resolution Mechanisms 3.5.1 Key findings 132. The E-Money Guidelines have detailed requirements on IDR. 70 E-money issuers are required to set up effective procedures that allow users to submit complaints. At a minimum they should have in place mechanisms which are easily accessible and understandable. This seems to be applied in practice. For instance, MNOs have call centers which are free of charge, which can be used by the customers of e-money issuers owned by MNOs. The contact information is usually displayed at branches and agent locations. In addition, the Agent Guidelines requires e-money issuers to ensure that their IDR works equally well when agents are used and agents should display the contact number for the issuer’s IDR.71 133. Not only e-money issuers are required to have such a mechanism but also they are required to follow certain standards. In accordance with international best practice, e-money issuers need to solve complaints within a specified timeframe (5 days + 10 days if needed but the customer must be informed) and they are required to have in place a mechanism allowing consumers to have sufficient information on the status of the complaint. 134. For EDR see section 2.3. 3.5.2 Recommendations 135. In the short term, BoG should issue a regulation imposing minimum IDR requirements to all payment service providers, similar to the existing requirements of the E-Money Guidelines. 70 Bank of Ghana, Guidelines for E-money issues in Ghana, Art. 28. 71 Bank of Ghana, Agent Guidelines, Art. 21. 55 136. To reinforce the regulatory expectations and improve compliance among bank and non-bank financial service providers, the BoG should develop training for financial service providers to support adoption of clear requirements for internal complaints handling. 137. For EDR see section 2.3. 4 Insurance 4.1 Legal, Regulatory and Supervisory Framework 4.1.1 Key findings 138. The regulation and supervision of insurance in Ghana is divided between private health insurance and life/non-life insurance, with different approaches taken for each. All classes of insurance, except for health insurance, are regulated under the Insurance Act,72 and supervised by the NIC. Health insurance is regulated under the Health Insurance Act,73 and is supervised by the National Health Insurance Authority (NHIA). Health insurance is not defined in either law, leading to confusion and potential gaps or overlap in regulation, particularly for health microinsurance products. Although the NHIA’s legal department is of the view the NHIA regulates only the insurance issued by a licensed private health insurance schemes (PHIS), this interpretation may lead to problematic results, such as where health insurance can then technically be offered by other insurers outside the Health Insurance Act regime or potentially unlicensed providers, and where PHIS could arguably issue products that are not actually health insurance. 139. Across all insurance classes, and in particular non-life and health insurance, strong competition and apparent underpricing of risk has led to concerns about insurer stability and the timely payment of claims. This issue has received focus from both NIC and NHIA. At the end of 2015, both the NIC and the NHIA implemented a new solvency framework, and are focused on bringing insurers into line with new or target solvency ratios and ensuring the prompt payment of claims. 4.1.1.1 Insurance (other than health insurance) 140. The NIC seems to have an implicit legal mandate for consumer protection. The Insurance Act specifies the functions and objectives of the NIC, which includes elements of consumer protection, albeit that these are not explicitly stated. Those functions relevant to consumer protection include approving and setting standards for the conduct of insurance business and insurance intermediary business, to encourage the development of and compliance with the insurance industry’s code of conduct, to provide a bureau for resolution of consumer complaints, to arbitrate claims referred to the NIC, and to educate the public on insurance. 72 Insurance Act, 2006. 73 National Health Insurance Act, 2012. 56 141. The NIC has a broad range of powers but faces resource constraints for market conduct supervision. The Insurance Act requires that all persons conducting insurance business, and all insurance intermediaries have a license from the NIC.74 The NIC has powers to conduct inspections, investigations, issue directives, take action against unlicensed operators, terminate directors or principal officers, conduct examinations, and revoke or amend licenses. 75 However, the NIC has only one supervisory department, which is tasked with both prudential and market conduct supervision. Despite the resource constraint and the priority given to financial stability, the NIC appears to be proactive and aware of key consumer protection matters in Ghana, and continues to improve its coverage of, and response to, such issues. For instance, the NIC’s risk-based supervision model prioritizes addressing higher risk consumer protection matters such as claims handling. 142. The Insurance Act contains limited consumer protection provisions, so the insurance consumer protection framework has typically relied on regulation and standard-setting by the NIC. The Act includes provisions dealing with such items as fit and proper requirements for shareholders and principal officers of insurers and intermediaries, some client money handling requirements, prohibitions on misleading materials, mandated NIC approval of insurance products, and restrictions on dealing with unlicensed insurers or intermediaries. There are no provisions governing contracts of insurance. The NIC was, within six months of the commencement of the Insurance Act, required to issue a code of practice for insurers and intermediaries, and to issue market conduct rules. No code has been issued, and market conduct rules exist only with respect to microinsurance. The NIC has issued a number of Guidelines under its power to issue directives, which makes them binding.76 143. The uptake of microinsurance is increasing in Ghana, and the NIC has cautiously encouraged its growth by providing a clear framework, and building consumer awareness. The Microinsurance Market Conduct Rules only permit existing licensed insurers to write such business, but allows insurers to utilize a set of qualitative tests to classify a product as microinsurance, such as whether the product is designed to meet the needs of, and be affordable and accessible to, a particular target market. By meeting these criteria, the product is subject to less onerous requirements as compared to conventional insurance. Currently, the microinsurance market is led predominantly by mobile network providers offering “free” and paid products, although free products are currently being withdrawn from the market. 144. The NIC engages in consumer education and public awareness about insurance, but should publish timely information regarding the insurance industry. The NIC runs a series of regular educational activities, and collaborates with international development partners to produce targeted education tools such as videos on microinsurance in local dialects. However, there is opportunity to improve dissemination of industry-wide information. For instance, at the time of this review, 74 Insurance Act, 2006, Art. 36 and Art. 126. 75 See generally, Insurance Act, 2006 (Act 724). 76 Some of these, such as the Claims Management Guidelines, were not accessible on the NIC’s website, so a full analysis of them cannot be provided. 57 the latest Annual Report that was publicly available on NIC’s website was for 2011, and the website does not contain a clear and easy to understand information source for consumers, which seems to be a missed opportunity. It is important that the public has ready access to up to date information on the state of the industry and the stability of insurers. 145. The NIC expects to shortly release a draft Insurance Bill for consultation. A new draft insurance law for Ghana went through a round of consultation in 2013, and the NIC is preparing a new draft Bill to put out for consultation and subsequent introduction to Parliament, with a stated target of mid-2016. The draft Bill, much like the existing Insurance Act, does not contain extensive consumer protection rules and relies on the NIC to issue specific requirements. 4.1.1.2 Health Insurance 146. The NHIA’s oversight of PHIS potentially conflicts with its broader mandate, which is to achieve universal healthcare in Ghana. The mandate covers the provision of access to healthcare services to persons covered by the national scheme, managing the National Health Insurance Fund, and paying claims and accrediting healthcare providers under the national scheme. However, the NHIA also has a mandate to regulate and supervise PHIS. Managing the relationships with health care providers and grouping supervision of PHIS with the national (public) scheme may compromise the effectiveness of supervision due to difficulty in balancing the two mandates, and the potential conflicts that may arise. For example, the social objective of ensuring universal access to affordable healthcare may not be aligned with the need to ensure the short- and long-term sustainability of for-profit, commercially-run PHIS. This is exacerbated by many challenges facing the NHIA, such as expanding the scheme to the informal sector, and fiscal shortfalls. 147. The NHIA has created the PHIS Directorate to oversee the PHIS, but it seems to lack independence. The Health Insurance Act resulted in numerous reforms to NHIA, including the creation of a dedicated PHIS Directorate. The PHIS Directorate does not, however, operate independently, as it reports to the NHIA Deputy CEO, and the NHIA Board 77 determines its mandate, resourcing, and objectives/priorities. The Directorate’s structure, reporting and funding model do not indicate independence in the execution of its supervisory and enforcement functions. 148. NHIA’s supervision and enforcement powers are limited. NHIA’s purpose relating to PHIS includes their registration and supervision, ensuring the efficiency and quality of services, and the protection of the interests of members. A PHIS must be registered and licensed either as private commercial or mutual schemes. The NHIA’s supervision and enforcement powers are limited, with primary powers being the revocation, suspension or amendments to licenses, inspection powers, the power to issue binding directives, appointing an actuary to investigate in certain circumstances, or appoint of interim management of a scheme if a license is revoked. With the exception of one sanction for the use of health insurance terms without being 77NHIA Board must include a member of the senior staff of the NIC, which is currently the Commissioner for Insurance. 58 licensed, there are no sanctions for breaches of the law beyond license revocations or suspensions, which can lead to harsh outcomes that lack the necessary nuances required for effective supervision and enforcement, although the NHIA appears to have attempted to introduce sanctions through its PHIS Guidelines. 149. The regulatory framework for PHIS is underdeveloped and there is limited focus on consumer protection. After the NHIA clarified its expectations of both commercial and mutual schemes in 2015, all or most mutual providers are currently converting to commercial licenses, and hence to more strict regulations. It appears that some provisions of the Insurance Act are intended to also apply to health insurance schemes78 but these are described in the law by subject matter rather than by reference to specific provisions, which leads to uncertainty. Consumer protection provisions in the Health Insurance Act include security deposits, some fit and proper requirements for directors and principal officers, the provision of annual reports or of “essential” information on capitalization, reserves and other information to the NHIA, the potential for the Minister for Health to prescribe minimum healthcare benefits for PHIS, the mandated issue of an identity card and information on the insured’s rights, obligations and benefits, restrictions on rights to terminate a member, and the requirement for internal complaints handling processes. However, even these provisions appear to be inadequate, such as allowing a mutual PHIS to take up to three years to place its security deposit with the NHIA 79 , which leaves members vulnerable to the failure of the PHIS in the intervening period. 150. The PHIS Directorate has limited capacity, no specialized expertise in insurance and no dedicated consumer protection staff. The NHIA recognizes its need to build capacity in insurance supervision generally, and has sought the necessary resources, as well as assistance with capacity building on prudential supervision from the NIC. However, the PHIS Directorate’s current focus is securing the financial strength of PHIS, and the conversion of mutual schemes to commercial schemes. The senior staff of the PHIS Directorate have only limited exposure to financial services supervisory practices and concepts. Moreover, although a number of staff have extensive experience with healthcare and the (public) national insurance scheme, there is a clear need for specialized knowledge and experience specifically in insurance.80 Nevertheless, the Directorate conducts quarterly reviews of insurers, in which it covers consumer protection issues such as the timely payment of claims, internal complaint handling processes, consumer data protection, and ensuring employee information sessions are held where an employer signs up to a scheme. 151. The NHIA does not publish a list of registered PHIS on its website, or aggregated information such as on complaints or the financial strength of the sector. The NHIA intends to publish a list of registered PHIS and their financials after 31 March 2016, when updated financial reporting is due. The most recent Annual Report of the NHIA available on its website, which is for 2013, includes only a half- 78 Health Insurance Act, Art. 75. 79 Health Insurance Act, Art. 79. 80 Whilst it has elements in common with the national scheme, private health insurance operates under commercial insurance contracts, has profit-making objectives, and needs to ensure disclosure and fairness of services. 59 page section on the PHIS, and none of NHIA’s stated 2013 targets relate directly to PHIS. 4.1.2 Recommendations 152. The NIC and Government should finalize and pass the new Insurance Act and reform the Health Insurance Act to establish a stronger framework for consumer protection. a) Both Acts should clearly state the NIC’s and the NHIA’s mandates for consumer protection, and more clearly differentiate what is covered by each. The consumer protection mandates should include ensuring fairness and transparency of the insurance market. b) The laws should also include specific provisions on consumer protection. The introduction of a separate part of the laws relating to consumer protection would both elevate the importance of protecting consumers, and establish the core framework for the structure of regulation and supervision in this area. In particular, the laws should contain general statements of principles such as the requirement for fairness and the ethical conduct of insurers and intermediaries. Principles-based regulation provides the opportunity to establish a framework for the fair treatment of customers, and can be fleshed out with specific rules and adjusted as market developments occur through the issuing of Rules and other instruments by the NIC or the NHIA. In addition to a principles-based approach, the laws should contain a number of specific provisions, such as those regulating the insurance contract. c) The laws should also give the NIC and NHIA clear powers to issue binding instruments, and make it clear which instruments are either binding, with clear legal consequences for breach, or that are merely guidance that reflect the individual agency’s interpretation of the law. d) The Health Insurance Act should give the NHIA strengthened and sufficient enforcement powers, and attach a clear sanctions regime (with both administrative and criminal penalties) for breaches of the law. e) The meaning of “health insurance” and “health insurance schemes” should be clearly defined in the Insurance Act and the Health Insurance Act in order to avoid regulatory uncertainty, and cross-references between the two Acts81 that are out of date and vague need to be deleted or made specific in their application. In introducing such definitions, consideration will need to be given to the potential impact on existing health microinsurance products, and ensuring such products have the benefit of the NIC’s microinsurance regime. 153. Opportunities should be considered to effect a common regulatory and supervisory approach for consumer protection across all insurance classes. The NIC has made strides in its consumer protection capability, framework and implementation, and demonstrates a proactive approach. The NHIA should leverage 81 See National Health Insurance Act, Art. 75 and Insurance Act, Art. 214. 60 off this experience and the existing rules, and focus on building internal capability in consumer protection. Both agencies should collaborate to effect a common framework and standards for consumer protection across all insurance classes, noting that different classes of insurance such as health or life insurance would also be subject to bespoke rules, and require specialist expertise. The common standards could encompass product disclosure, sales practices, claims handling, and complaints handling. Consideration should ultimately be given to formally merging regulatory and supervisory responsibility for consumer protection across all insurance classes under one agency, as it would provide more consistent consumer outcomes, and better utilize scarce resources. This could be achieved through an MoU, or formally (by law) through the merging of responsibilities for insurance into a single insurance supervisor. 154. Both the NIC and the NHIA should have clear and measurable plans to improve their consumer protection capability and activities, and ensure that, over time, consumer protection receives dedicated focus, and sufficient priority as compared to prudential supervision. The NIC and the NHIA should consider separating supervision of consumer protection from prudential matters, given the substantially different skillset required. This transition could start with the allocation of dedicated staff to a consumer protection function within the supervision department. Ideally, consumer protection supervision should be elevated to the same level within the organization as prudential supervision. 155. Both the NIC and NHIA should publish key information on the insurance sector in a regular and timely manner, ensuring easy access for consumers, the insurance sector and other stakeholders. In particular, NIC and NHIA should: a) Ensure they produce a report on at least an annual basis that contains an overview of their work in insurance supervision (including consumer protection), and on the insurance sector, including aggregated financial and statistical complaints information from insurers. The annual reports should be promptly published on their websites so that they are easily available to the public; b) Ensure that their websites contain an up to date, full set of current statutory instruments affecting the insurance sector, so it is clear to the industry and public what the statutory regime is; and c) Ensure that there is a part of their website that is easy to access and understand, which is designed to provide information to assist consumers, particularly on microinsurance. 156. The NHIA should: a) Increase the amount of information in its Annual Report relating to PHIS, or produce a separate annual report on PHIS; b) Establish and publish annual targets and priorities, and report on the progress of these in its Annual Report; and c) Publish on its website an up to date list of registered health insurance schemes and all current regulatory instruments such as Rules, Guidelines or Directives. 61 4.2 Disclosure and Sales Practices 4.2.1 Key findings 157. There are only very limited requirements regulating disclosure and sales practices. A key provision is the requirement for new “forms” of insurance products. The NIC has issued Guidelines82 for the approval of life insurance products, which contain some disclosure and insurance contract requirements. In the absence of specific regulatory requirements as to fairness, disclosure, and contract terms, the NIC uses this review to ensure the fairness and suitability of products. However, the requirement for a supervisor to approve products is a resource-intensive and time- consuming process and can be controversial, with many countries only requiring filings of product terms, or nothing at all, and placing responsibility directly on the issuer to meet regulatory requirements. It is unclear when amendments to approved terms need revisiting by the NIC. Whilst these Guidelines contain a number of requirements for product disclosure and contract terms, many improvements could be made to properly address these areas. There are no equivalent Guidelines for non-life insurance. 158. The most comprehensive disclosure obligations are those that apply to microinsurance under the Market Conduct (Microinsurance) Rules 2013. Microinsurance policies must be written in clear, straightforward language, be readily understood by the target market, must contain no or few exclusions, and be accompanied by a Policy Summary which is standardized by regulation, and which must be given to the customer in sufficient time for the consumer to make a decision. The NIC intends that the new insurance law will establish a clear framework for the regulation and supervision of microinsurance. 159. The disclosure requirements for PHIS are much less developed. The NHIA reviews the coverage of schemes when it issues or renews the registration of PHIS. PHIS are required to provide basic disclosure documents that contain benefits under the scheme, which are usually subject to substantial exclusions in cover. 160. Insurers are not required to clearly explain duty of disclosure requirements to the consumer to ensure the obligation and consequences of non- disclosure are understood. Whilst the NIC Product Approval Guidelines do require some disclosure (as to fraud and mis-statement of age), these are inadequate to properly ensure the customer understands the nature and implications of the duty. 161. Consumer protection requirements for the sales process and intermediary qualifications and conduct are insufficient. Such rules are intended to ensure that a consumer receives appropriate advice, is sold suitable products, and that intermediaries meet certain requirements regarding minimum conduct, as well as having sufficient education, training and experience. This seems particularly important in the area of life insurance, as there is evidence of mis-selling of life investment products in Ghana. There are no requirements at all for sales conduct in relation to PHIS. PHIS Private health insurance is predominantly sold to employers, 82 Guidelines on Application and Approval of new and repackaged Life Insurance Products (undated). 62 who use health insurance as part of their remuneration and staff retention program, although some insurers market to individuals or to groups of individuals (such as to teachers, via teacher unions). Accordingly, the end consumer usually has no say in the decision to purchase private health insurance, does not have a direct contractual relationship with the PHIS, and only receives mandated written information as facilitated by the employer. Consumer interaction with the insurer is usually limited to claims issues, and clarification of coverage. Insurers have call centers to provide information to consumers, and deal with customers directly when handling claims and receiving complaints. 162. Mobile insurance is growing rapidly in Ghana, and poses a number of consumer protection challenges. Products currently on offer include hospital cash, funeral, and personal accident policies. MNOs are in the process of withdrawing “free” products from the market, and are looking at expanding into income protection, permanent disability, and education savings accounts. GIZ 83 , at the request of the NIC, commissioned a report 84 on the risks of mobile insurance. Some problems identified include that many consumers do not realize they have insurance through their MNOs, and even if they do, they frequently fail to understand the product. Payment structures can be confusing if a month’s premium is not paid in full, with cover either being scaled back for the following month, or suspended, with premium “credits” being carried over until a future month. Further, there are three key parties involved in the issuing and management of these products: the MNO, which “owns” the clients; a third party that designs the product, and also conducts outbound sales, manages claims, and handles complaints; and the insurer. The insurer appears to have a “light touch” involvement in such products, and rarely if ever has contact with the customer. The NIC is in the process of drafting Market Conduct Rules to address the highest risks, and is implementing an MoU with the BoG and the National Communications Authority, given that these initiatives are led by the MNO, rather than the insurer. 163. Microcredit insurance is widely used by microfinance institutions, but the structure of the product and sales practices are problematic from a consumer protection standpoint. Although the NIC has stated that its Bancassurance Guidelines85 apply to NBFIs such as credit unions, the Guidelines only refer to banks, whereas other non-bank financial institutions such as credit unions and other lenders are involved in insurance business. The use of microcredit policies by credit unions appears to suffer from a number of issues, including that credit unions may be forcing consumers to pay for credit insurance “premiums” when providing consumer loans, and then they retain the pool of premiums, effectively acting as the “insurer”. This practice is open to abuse, including a lack of oversight by the NIC, non-compliance with the requirement for customer choice under the Bancassurance Guidelines, and raises questions whether consumers understand what “product” they are purchasing, and from whom. Microfinance institutions create further problems in their use of credit insurance products (see the Box 3 below on one consumer credit product used by microfinance providers). 83 Gesellschaft für Internationale Zusammenarbeit (https://www.giz.de/en/html/index.html). 84 “Mobile Insurance and Risk Framework in Ghana”, October 2015. 85 Conditions/Guidelines for Registration of Banks as Corporate Agents (Bancassurance). 63 Box 3: Microcredit insurance by microfinance institutions in Ghana Access to credit insurance for death or illness can provide a critical risk management tool for both microfinance institutions and borrowers alike. One type of product in Ghana, distributed through a microinsurance agency86, demonstrates many of the challenges of such insurance. The credit insurance product is technically issued to the microfinance institution as policyholder. The type of cover will depend on the nature of the loan, with death and disability being standard, and fire and allied perils applicable to loans for physical property. The microfinance institution requires consumers to whom it issues loans to make a payment for insurance cover in the event they die or become disabled. The premium is paid as a single amount added to the loan, less a 10-15 percent commission for the microfinance institution to be covered under the master policy, the premium and information about borrowers and outstanding loans must be provided on a monthly basis to the insurer. However, the agency reported that there is no requirement from the insurer or their agent that the microfinance institution pass on all premiums collected, regardless of the representations made to the borrower. When a claim is made, the microfinance institution is responsible to provide claims documentation to the insurer, and is expected to source the documents from the borrower or his/her family. The repayment of the loan (with an additional month of interest, less any arrears due) is made directly to the microfinance institution, which is expected to inform the family that the loan has been repaid. 164. Such arrangements can be vulnerable to a number of abuses. First, if the microfinance institution can be selective about which loans are insured, it can exercise adverse selection against the insurer, and effectively self-insure lower risks. However, this would be misleading for the borrower, who may expect that the premium they pay is for formal insurance provided by a licensed third party insurer. If the microfinance institution “self-funds” this insurance, borrowers are vulnerable if the microfinance institution refuses to cancel the loan, or there is no record of payment of the premium. Further, since the insurer pays the claim amount directly to the microfinance institution, there is a risk that a borrower or their family may not be informed about the repayment of the loan, and despite paying a premium for cover, could be vulnerable to fraud on the part of the microfinance institution. Recommendations 165. The NIC should issue more comprehensive Market Conduct Rules and/or a Code of Practice relating to key consumer protection subject areas, and also issue the new Market Conduct Rules for mobile insurance. These should include clear disclosure requirements, such as specific requirements on the insured’s duty of disclosure, and consequences for breaches, as well as clear sales conduct and intermediary qualification requirements, and rules as for remuneration of intermediary and sales staff. 166. The NIC should make amendments to existing guidelines or rules in order to make their application clearer. It should amend its product approval Guidelines to ensure that it is clear when amendments to product terms or marketing materials must be submitted to the NIC for updated approval, and issue equivalent guidelines for non-life insurance. The NIC should amend the Bancassurance Guidelines to make it clear these apply to NBFIs including credit unions, and also extend their 86Microinsurance agency is an agent of two insurers, one life and one non-life insurer, which are related companies to the agency. The agency was established to focus specifically on the micro market. 64 application, or the application of the Microinsurance Market Conduct Rules, to address the issues arising from micro-credit insurance. For instance, the NIC could consider a requirement that basic disclosure on the insurance and the provider be given to the borrower even though they may not be party to the insurance contract; the microfinance institution may be specifically required to pay all collected premium to the insurer within a set period; and the insurer be required to inform the borrower or their family when a payment has been made under the policy. 167. The NHIA should develop and implement a plan for the phased introduction of market conduct rules for PHIS. The starting point should be fairness-based conduct requirements and disclosure obligations, to ensure consumers are aware of the policy terms, coverage limits, their rights and obligations, and any exclusions. 4.3 Fair Treatment and Business Conduct 4.3.1 Key findings 168. The NIC has implemented Guidelines on Claims Management for both life and non-life insurance. The Guidelines apply to all forms of life and non-life insurance, including reinsurance and commercial lines. They impose maximum timeframes for the assessment and payment of claims, and require notification of the decision to the customer. However, the Guidelines do not appear to sufficiently recognize that commercial and industrial insurances may require different claims approaches. 169. Arising from the relatively low levels of understanding of insurance in Ghana, there appears to be a common perception that the claims process is unnecessarily complex, reducing trust in insurance. This includes the requirement for a police report for all motor claims. Moreover, the lack of a national ID system means many consumers do not possess formal identification, leading to an increased risk of fraud on life or personal injury insurance claims, causing insurers to adopt a more cautious approach that leads to burdensome procedures. 170. The most significant business conduct issue identified for health insurance is the refusal of healthcare providers to provide service to consumers where their health insurer is in arrears in paying claims. A solution to this problem needs to be identified by NHIA, as this situation can result in reduced trust in the health insurance industry, as well as significant delays in the receipt of treatment by consumers who are insured. 4.3.2 Recommendations 171. The NIC and NHIA should, as reflected in Section 4 above, work towards implementing requirements that are currently absent from the rules, with a priority on implementing fairness and conduct requirements, and addressing current issues. The NIC should, in addition, examine opportunities to address the complexity of claims procedures through education and facilitating workshops with the insurance industry on simplifying claims processes. The NHIA should implement requirements as to the resolution of disputes between healthcare providers and private health insurance schemes, and limit the circumstances where healthcare providers can refuse services to consumers when the scheme otherwise covers the service. To the 65 extent possible, such disputes should not affect the consumer’s timely access to appropriate healthcare. 4.4 Data Privacy and Protection 4.4.1 Key findings 172. Insurers handle sensitive personal data in the usual conduct of their business, such as underwriting or claims assessment. Some data that insurers would typically handle is classified as “special personal data” under the Data Protection Act, including health information, and information about a person’s sexual orientation. This data is subject to higher levels of protection 87 and cannot, for example, be processed unless necessary or without the specific consent of the person or unless it is necessary for the protection of the person’s “vital interests”. 173. Specific requirements as to data protection and privacy are limited in the insurance laws, with only the Health Insurance Act mentioning the issue. PHIS are required to ensure that data collected on members is protected from unauthorized access, and the Minister for Health may prescribe guidelines for the security and privacy of data on members of PHIS. There are no equivalent requirements in the Insurance Act. 4.4.2 Recommendations 174. The NIC and the NHIA should collaborate with the Data Protection Authority to ensure compliance with the general data protection provisions of the law. This is particularly important in light of the fact that the Act technically prohibits a person from processing personal data unless they are registered under the Act. For more details see section 2.2.2. 4.5 Dispute Resolution Mechanisms 4.5.1 Key findings 4.5.1.1 Insurance (except Health Insurance) 175. Under the NIC Guidelines on Claims Management, insurers are required to have a documented system and procedure for receiving, registering and resolving complaints in each of their offices. However, there is no definition of a “complaint”, and specific requirements of a complaints process (such as ensuring the insurer appoints a person responsible for the resolution of complaints, the gathering and analysis of complaints statistics, and the target timeframes for resolution) are not mandated. 176. Similarly, there are no requirements for insurance intermediaries to have an internal complaints process. While claims decisions relate to the insurance 87 Data Protection Act, Art. 37. 66 provider, complaints related to mis-selling are usually caused by the actions or omissions of intermediaries. Intermediaries should ideally be required to have their own IDR process and/or to cooperate fully with the insurance provider’s IDR process for activities in the insurance sector. 4.5.1.2 Health Insurance 177. PHIS must have a procedure for settlement of complaints from its members and its healthcare providers, and ensure those parties are aware of their right to submit complaints to the Adjudication Committee (which has yet to be established) where the complaint cannot be settled. Similar to the NIC requirements, there do not appear to be detailed requirements for the procedure or operation of internal complaints handling by PHIS. The NHIA Directorate receives complaints from consumers and healthcare providers, and plays a mediation role. NHIA reports that PHIS comply with the general requirement. 4.5.2 Recommendations 178. Both the NIC and the NHIA should issue and enforce clear requirements for internal complaints handling processes for insurers and for intermediaries (as relevant). This should include fair and consistent complaint handling, the obligation to investigate complaints, the appointment of a specific person to manage the complaints process (if possible, who is not subject to conflicts of interest), target timeframes for communications and resolution, disclosure requirements about the consumer’s internal and external complaints handling options, giving written reasons for refusal of the complaint, and required record-keeping and statistical reporting to the supervisor and the Board on complaints (including by type of complaint, resolution timeframes, and outcomes). Such requirements should also clearly define what constitutes a “complaint”. Insurance agents, although they may not be required to have their own complaints handling process, should be required to comply with the insurer’s processes, including by providing files and other information in a timely manner, and otherwise co-operating with any investigation and honoring any decision made to resolve the complaint. 179. The NHIA should develop and issue standards for IDR for health insurance providers and begin oversight of IDR schemes and enforcement of requirements. Without regulator attention to IDR through compliance and enforcement activities, financial service provider adoption will be slow and inconsistent with corresponding pressures on the EDR scheme. 180. To reinforce the regulatory expectations and improve compliance among insurance and health insurance providers, the NIC and NHIA should develop training for providers to support adoption of regulatory requirements for internal complaints handling. 181. For EDR see section 2.3. 67 4.6 Guarantee Schemes and Insolvency 182. The Insurance Act 88 provides for the establishment of a Client Rescue Fund, which is to be used to compensate clients of failed insurers. Regulations can allocate a percentage of the gross premium received by each direct insurer to be paid into the Fund. The Fund is to be managed by the NIC, which could present a conflict of interest. A Committee is to be established to assist with making awards under the Fund. 183. According to the NIC the Fund has been established, and GH¢2 million (around US$515,000) has been deposited into the Fund from industry contributions. Policyholder protection schemes should be subject to rigorous public reporting requirements and independent supervision and oversight to help ensure that they have the ability to meet their obligations and are based on the principle of transparency. However, at the time of this review, the guidelines for the operation of the Fund were not yet in place. 184. For health insurance, there are no provisions for intervention or resolution of health insurers, and there are other regulatory gaps. There are no legal provisions for judicial management or winding up, or intervention by the NHIA, nor is there a regime for the transfer or amalgamation of insurance business, whether solvent or insolvent. In addition, neither the Insurance Act, nor the Health Insurance Act, contain provisions ensuring policyholder liabilities have priorities over other unsecured creditors. 88 Insurance Act, Art. 197. 68 5 ANNEX – A Table 2: Key Laws Relevant to Consumer Protection Responsible Topic Covered Sector Name of the Law Institution Banking, NBFI, and Bank of Ghana Act, Powers of the Bank Bank of Ghana Payment 2002 (Act 612) of Ghana Protection of depositors’ interests, Banking Act, 2004 Banking Bank of Ghana data privacy, and (Act 673) professional competence Credit products, Borrowers and disclosure and Banking and NBFI Bank of Ghana Lending Act, 2008 transparency, and fair treatment Non-Bank Financial Professional NBFI Institutions Act, Bank of Ghana competence, and 2008 data privacy Transparency and disclosure, fair Payment Systems treatment and Payments Bank of Ghana Act, 2003 (Act 662) business conduct, and system reliability Insurance Act, 2006 National Insurance Insurance other than Insurance (Act 724) Commission health insurance National Health Health Insurance National Health Insurance Insurance Act, 2012 Schemes Insurance Authority (Act 852) 69 6 ANNEX – B Table 3: List of Institutions Met Government Institutions Bank of Ghana – Banking Department Bank of Ghana – Banking Supervision Department Bank of Ghana – Legal Department Bank of Ghana – Market Conduct Unit Bank of Ghana – Non-bank Financial Institutions Supervision Department Central Securities Depository GHIPPS Ministry of Communications – Data Privacy Commission Ministry of Finance and Economic Planning Ministry of Trade and Industry National Insurance Commission National Health Insurance Authority National Pension Regulatory Authority Financial Services Providers Abokobi Rural Bank Acacia Health Insurance Limited Darkuman Central Cooperative Credit Union Ecobank Edward Mensah Wood Insurance Broker Enterprise Insurance Company e-Transact Expresspay GCB La Community Bank Leasafric Leasing Company Metropolitan Health Insurance Microensure MTN – Mobile Money Nationwide Mutual Health 70 Police Hospital Credit Union Societe Generale Stanbic Bank Standard Charter Bank Star Microinsurance State Insurance Corporation Tigo – Mobile Money Service University of Ghana Cooperative Credit Union Vodafone – Mobile Money Industry Associations Association of Rural Banks Apex Bank LTD Credit Union Association GHAMFIN Ghana Association of Microfinance Companies Ghana Bankers Association Susu Collectors Association Consumer Associations Consumer Protection Agency University of Ghana Advocacy Group Development Partners Consultative Group to Assist the Poor – CGAP DfID GIZ SECO 71