70342 ECSPF WORKING PAPER 001 Good Practices for Consumer Protection and Financial Literacy in Europe and Central Asia: A Diagnostic Tool Susan L. Rutledge Nagavalli Annamalai Rodney Lester Richard L. Symonds THE WORLD BANK ECSPF - Finance and Private Sector Department Europe and Central Asia Region Washington, DC August 2010 Abstract The importance of adequate consumer protection and financial literacy for the long-term stability of the financial sector has been highlighted by the recent turmoil in financial markets worldwide. This Working Paper presents a set of Good Practices for Consumer Protection and Financial Literacy developed by the World Bank's Europe and Central Asia Region, using international experience as a guide. The Good Practices provide a practical tool for systematic analysis of laws, regulations and institutions involved in consumer protection and financial literacy—and allow detailed cross-country comparisons. The Good Practices are based on four key concepts: (1) consumer disclosure should be simple, easy to understand and comparable; (2) abusive business practices by financial service providers should be prohibited; (3) consumers should have an easy, inexpensive and speedy method of resolving disputes with financial institutions; and (4) financial education should be available to consumers so that they can understand financial services and products and make informed decisions. The Good Practices were developed as part of a pilot program in consumer protection and financial literacy, which has prepared Diagnostic Reviews in ten countries of Europe and Central Asia since 2005. The Good Practices were released as a consultative draft in August 2008 to contribute to the international dialogue on strengthening financial regulation, and to obtain feedback and input from regulators and other stakeholders worldwide. Comments and feedback have been incorporated into this paper. This document is part of a larger effort of the Finance and Private Sector Development Department of the Europe and Central Asia Region (ECSPF), to enhance the quality of its financial sector development work, and to contribute to the international financial regulatory dialogue. ECSPF prepared this Working Paper in collaboration with the Private Sector Development, Finance and Infrastructure Practice Group of the Legal Vice-Presidency, and the Global Capital Markets Department of the Financial and Private Sector Vice-Presidency. Authors may be reached as follows: srutledge@worldbank.org, nannamalai@worldbank.org, rlester@worldbank.org and rsymonds@worldbank.org. i Foreword Each year the global economy adds an estimated 150 million new consumers in financial services. Most are in developing countries, where consumer protection and financial literacy are still in their infancy. Particularly in the countries that have moved from central planning to market economies, empowering consumers has become a prerequisite for efficient and transparent financial markets. In addition, technological innovation and increased competition for financial services worldwide have created a wide array of financial services available to consumers. As a result, government authorities worldwide are starting to look at concrete and effective ways of improving consumer protection in financial services and financial literacy. Consumer protection ensures that consumers receive information that will allow them to make informed decisions, are not subject to unfair and deceptive practices, have access to recourse mechanisms to resolve disputes when transactions go awry, and are able to maintain privacy of their personal information. Financial literacy initiatives give consumers the knowledge, skills and confidence to understand and evaluate the information they receive and empower them to purchase those financial products and services which meet the needs of themselves and their families. Together consumer protection and financial literacy set clear rules of engagement between financial firms and their retail customers—and help narrow the knowledge gap between consumers and their financial institutions. We are pleased to provide Good Practices for Consumer Protection and Financial Literacy in Europe and Central Asia: A Diagnostic Tool. The Good Practices were developed at the request of government authorities in the Europe and Central Asia Region. Ten countries have asked the World Bank to prepare diagnostic reviews of consumer protection and financial literacy frameworks and practices for their countries. To ensure consistency across countries, the World Bank developed an initial set of good practices using international experience as a guide. The Good Practices have been summarized and accompanied by annotations of the experiences that have been drawn upon. The Good Practices were released as a Consultative Draft in August 2008 in order to stimulate discussion on what constitute good practices in consumer protection and financial literacy and to obtain feedback and input from regulators and other stakeholders worldwide. Comments and feedback have been incorporated. However the global regulatory framework is rapidly changing, along with views on the role of consumer protection regulation. The Good Practices thus remain a ―work in progress‖ and subject to future revisions. Good Practices for Consumer Protection and Financial Literacy in Europe and Central Asia: A Diagnostic Tool is available at: www.worldbank.org/eca/consumerprotection. Comments and feedback should be provided to consumerprotection@worldbank.org or Sue Rutledge at srutledge@worldbank.org ii Acronyms & Abbreviations AML Anti-money laundering ANEC European Association for the Co-ordination of Consumer Representation in Standardization APEC Asia Pacific Economic Cooperation API Arab Payments Initiative APY Annual percentage yield B2C Business to consumer BEUC Bureau Européen des Unions des Consommateurs (European Consumers’ Organization) BIS Bank for International Settlements CEMLA Centro de Estudios Monetarios Latinoamericanos CESR Committee of European Securities Regulators CFT Combating the financing of terrorism CGAP Consultative Group to Assist the Poor CISPI Commonwealth of Independent States Initiative CIU Collective Investment Undertaking COE Council of Europe CPSS Committee on Payment and Settlement Systems EC European Commission ECJ European Court of Justice ERISA US Employee Retirement Income Security Act ETS European Treaty Series EU European Union FATF Financial Action Task Force FinCoNet International Financial Consumer Protection Network FINRA US Financial Industry Regulatory Authority FSA UK Financial Services Authority FSAP Financial Sector Assessment Program FTC US Federal Trade Commission GDP Gross domestic product IAIS International Association of Insurance Supervisors ICO UK Information Commissioner's Office ICP Insurance Core Principle IDD Initial disclosure document IFC International Finance Corporation IFRS International Financial Reporting Standards IOPS International Organisation of Pensions Supervisors IOSCO International Organization of Securities Commissions KYC Know Your Customer LIBOR London Inter-bank Offered Rate MiFID Markets in Financial Instruments Directive NAIC US National Association of Insurance Commissioners NASD US National Association of Securities Dealers NPS National Payments System OECD Organisation for Economic Co-operation and Development PIN Personal identification number SADC Southern African Development Community SAPI South Asia Payments Initiative SEC US Securities and Exchange Commission SME Small and medium enterprises SRO Self-regulatory organization TILA US Truth in Lending Act UK United Kingdom UN United Nations US United States of America USC United States Code WBG World Bank Group WHCRI Western Hemisphere Credit and Loan Reporting Initiative WHF Western Hemisphere Payments and Securities Settlement Forum iv Acknowledgements Good Practices for Consumer Protection and Financial Literacy in Europe and Central Asia: A Diagnostic Tool was prepared by a team led by Sue Rutledge, Regional Consumer Protection Coordinator and Senior Private Sector Development Specialist of the Europe and Central Asia Region of the World Bank. The core project team consisted of Nagavalli Annamalai (Lead Counsel), Rodney Lester (former Senior Advisor) and Richard L. Symonds (former Senior Counsel). They were joined by Gregory Brunner (former Senior Consultant), Eric Haythorne (former Lead Counsel) and Juan Carlos Izaguirre (E T Consultant), all from the World Bank. Also joining the team was Nicola Jentzsch, Research Associate at the German Institute for Economic Research -Deutsches Institut für Wirtschaftsforschung- Berlin. Valuable contributions were also made by John Pyne of the Irish Financial Services Regulatory Authority (Financial Regulator), Patrick McAllister, Director of Housing Finance in Asia/Pacific at Habitat for Humanity International, and Shaun Mundy, former Head of Financial Capability Department, United Kingdom’s Financial Services Authority. Peer review comments were gratefully received from Tomáš Prouza, former Deputy Finance Minister of the Czech Republic, William Knight, Chairman of the International Financial Consumer Protection Network (FinCoNet) and Former Commissioner of the Financial Consumer Agency of Canada, and Lewis Mandell, Professor of Finance and Business Economics at the University of Washington and Senior Fellow at the Aspen Institute's Initiative on Financial Security. Thanks also to Sarah Lynch of the European Commission, Jane Rooney of the Financial Consumer Agency of Canada, and Martin J. Gruenberg of the US Federal Deposit Insurance Corporation, for their comments on the Consultative Draft. Comments were also received during the World Bank Group Global Seminar on Consumer Protection and Financial Literacy in Washington in September 2008. The team would also like to thank Fernando Montes-Negret and Lalit Raina as well as Marie- Renee Bakker, Daniela Gressani, Orsalia Kalantzopoulos, (all from the World Bank) for their valuable support and input. Above all, the authors are grateful to the authorities of the governments of Azerbaijan, Bosnia and Herzegovina, Bulgaria, the Czech Republic, Croatia, Latvia, Lithuania, Romania, the Russian Federation, and Slovakia for their generous support and assistance in the preparation of Diagnostic Reviews of Consumer Protection and Financial Literacy for their countries. v Table of Contents Abstract ............................................................................................................................................ i Foreword ......................................................................................................................................... ii Acronyms & Abbreviations ............................................................................................................ iii Acknowledgements ......................................................................................................................... v Introduction ..................................................................................................................................... 1 Background ..................................................................................................................................... 3 Need for International Benchmarks on Consumer Protection and Financial Literacy ................... 6 Checklist of Good Practices ............................................................................................................ 9 Future Work .................................................................................................................................. 12 GOOD PRACTICES FOR CONSUMER PROTECTION AND FINANCIAL LITERACY ...... 13 I. Banking Sector ...................................................................................................................... 13 A. Consumer Protection Institutions ..................................................................................... 15 B. Disclosure and Sales Practices ......................................................................................... 18 C. Customer Account Handling and Maintenance ................................................................ 22 D. Privacy and Data Protection ............................................................................................. 26 E. Dispute Resolution Mechanisms ...................................................................................... 28 F. Guarantee Schemes and Insolvency ................................................................................. 29 G. Consumer Empowerment ................................................................................................. 31 H. Competition and Consumer Protection ............................................................................ 35 II. Securities Sector .................................................................................................................... 36 A. Investor Protection Institutions......................................................................................... 37 B. Disclosure and Sales Practices ......................................................................................... 38 C. Customer Account Handling and Maintenance ................................................................ 41 D. Privacy and Data Protection ............................................................................................. 43 E. Dispute Resolution Mechanisms ...................................................................................... 44 F. Guarantee Schemes and Insolvency ................................................................................. 45 G. Consumer Empowerment ................................................................................................. 46 III. Insurance Sector ............................................................................................................... 48 A. Consumer Protection Institutions ..................................................................................... 50 B. Disclosure and Sales Practices ......................................................................................... 54 C. Customer Account Handling and Maintenance ................................................................ 58 D. Privacy and Data Protection ............................................................................................. 59 E. Dispute Resolution Mechanisms ...................................................................................... 60 F. Guarantee Schemes and Insolvency ................................................................................. 61 G. Consumer Empowerment ................................................................................................. 62 IV. Non-Bank Credit Institutions ........................................................................................... 63 A. Consumer Protection Institutions ..................................................................................... 64 B. Disclosure and Sales Practices ......................................................................................... 67 C. Customer Account Handling and Maintenance ................................................................ 71 D. Privacy and Data Protection ............................................................................................. 72 E. Dispute Resolution Mechanisms ...................................................................................... 73 F. Consumer Empowerment ................................................................................................. 74 References ..................................................................................................................................... 75 Annex I - Private Pensions Sector ................................................................................................. 79 A. Consumer Protection Institutions ..................................................................................... 80 B. Disclosure and Sales Practices ......................................................................................... 80 C. Customer Account Handling and Maintenance ................................................................ 82 D. Privacy and Data Protection ............................................................................................. 82 vi E. Dispute Resolution Mechanisms ...................................................................................... 83 F. Guarantee Schemes and Safety Provisions....................................................................... 83 G. Consumer Empowerment ................................................................................................. 84 Annex II - Credit Reporting Systems ............................................................................................ 85 A. Privacy and Data Protection ............................................................................................. 87 B. Consumer Empowerment ................................................................................................. 89 Annex III – Payment and Remittance Systems ............................................................................. 91 Retail Payment Services and Circuits: Background ...................................................................... 91 International Standards .................................................................................................................. 92 Implementing the Standards .......................................................................................................... 97 List of Tables Table 1. Overview of Consumer Protection Regulation for the Banking Sector .......................... 13 Table 2. Overview of Consumer Protection Regulation for the Securities Sector ........................ 36 Table 3. Overview of Consumer Protection Regulation for the Insurance Sector ........................ 48 Table 4. Selected Key Readings on Consumer Protection for the Insurance Sector ..................... 50 Table 5. Selected Codes of Conduct for the Insurance Sector ...................................................... 52 Table 6. Overview of Consumer Protection Regulation for Non-Bank Credit Institutions .......... 63 Table 7. Selected Codes of Conduct for Lending in Europe ......................................................... 65 Table 8. Overview of Consumer Protection Regulation for Credit Reporting Systems ................ 85 List of Boxes Box 1: Public Policy Goals, Central Bank Minimum Actions and Range of Possible Additional Actions for Retail Payment Systems ............................................................................................. 92 Box 2: Guideline 10 of the CPSS Report ...................................................................................... 94 Box 3: Guideline 9 of the CPSS Report ........................................................................................ 95 Box 4: Guideline 11 of the CPSS Report ...................................................................................... 95 Box 5: General Principle 1 of the CPSS Report ............................................................................ 96 vii Introduction Until the financial crisis of 2007-09, the global economy was adding an estimated 150 million new consumers of financial services each year. Rates of increase have since slowed but growth continues apace. Most new consumers are in developing countries, where consumer protection and financial literacy are still in their infancy. Particularly in countries that have moved from central planning to market economies, protecting the interests of consumers has become a prerequisite for sound, stable and competitive financial markets. Weaknesses in consumer protection and financial literacy affect both developed and developing countries. Emerging countries worldwide have seen rapid development of their financial sectors over the last ten years and rapid growth of income has provided consumers with more resources to invest. Increased competition among financial firms, combined with improvements in information technology, resulted in highly complex financial products being sold to the public. The public in many emerging markets, however, lacks a history of using sophisticated financial products. For many first-time financial consumers, no member of their extended families has, over the previous several decades, entered into a long-term financial contract such as a home mortgage loan. The growth of financial literacy significantly lags the growth of available investment resources (or credit options), widening the gulf between the complexity of financial products and consumers' ability to understand what they are buying. Especially in low-income countries, technology is also changing the types of protection needed by many first-time financial consumers. Where more than half the population has no bank account, financial services delivered via cellular telephones have filled a critical need for consumers but such services raise important issues of consumer disclosure and education. Even in well-developed markets, however, weak consumer protection and financial literacy can render households vulnerable to unfair and abusive practices by financial institutions (or just inadequate disclosure of the risks involved in taking on large debts, particularly in foreign currency) as well as financial frauds and scams. The global financial crisis has highlighted the importance of consumer protection and financial literacy for the long-term stability of the financial sector. Throughout Europe, the US and elsewhere, the rapid growth of household lending over the last decade has been accompanied by an increase in the number of households that had difficulty in understanding the risks and obligations that they assumed—or the full range of choices available.1 Financial institutions have also transferred financial risks to households which have increasingly become exposed to new types of risks, such as those related to changes in foreign exchange and variable interest rates. In developed mortgage markets, complex financial products (such as hybrid adjustable-rate mortgages) were sold to borrowers, some of whom had patchy credit histories. Securitization of such household credit— in today's deeply interconnected financial markets— spread the weaknesses in the household financial sector to the rest of the financial system. 2 The US consumer protection regime has come under increasing criticism. As noted by US Treasury Assistant Secretary for Financial Institutions Michael Barr, ―It could not stem a plague 1 See California Budget Report, Locked Out 2008:The Housing Boom and Beyond, 2008. As many as half of all subprime residential mortgage borrowers in the US had high enough credit scores to qualify for standard, lower-cost bank mortgages. See also Remarks by US Federal Reserve Board Governor Edward M. Gramlich at the Financial Services Roundtable Annual Housing Policy Meeting, Chicago, Illinois May 21, 2004 2 Remarks by Vice Chairman Martin J. Gruenberg, United States Federal Deposit Insurance Corporation at World Bank Group Global Seminar on Consumer Protection and Financial Literacy, Washington, D.C., September 2008 1 of abusive and unaffordable mortgages and exploitative credit cards despite clear warning signals. It cost millions of responsible consumers their homes, their savings, and their dignity. And it contributed to the near collapse of our financial system.‖ 3 US authorities have recognized the importance of consumer protection for the stability of the financial sector. Chairman of the Federal Deposit Insurance Corporation Sheila Bair explained, ―There can no longer be any doubt about the link between protecting consumers from abusive products and practices and the safety and soundness of the financial system. Products and practices that strip individual and family wealth undermine the foundation of the economy. As the current crisis demonstrates, increasingly complex financial products combined with frequently opaque marketing and disclosure practices result in problems not just for consumers, but for institutions and investors as well.‖4 Starting in 2005, the World Bank initiated a pilot program in Consumer Protection and Financial Literacy for the countries of the Europe and Central Asia Region. For the pilot program, ten Diagnostic Reviews were conducted, six in New Member States of the European Union (EU) plus Croatia, Bosnia and Herzegovina, Russia and Azerbaijan.5 The Diagnostic Reviews for the EU New Member States provided the opportunity to see how the European Commission’s strategy on consumer protection in financial services was being applied in several former transition economies. Among those countries was Latvia, whose review was conducted in June 2009—in the midst of the worst financial crisis in the country’s history. Croatia provided the perspective of a country managing a complex legal and institutional agenda for future accession to the European Union. Russia gave an insight into the largest country in world, spanning 11 time zones. Azerbaijan provided the view of an oil-rich country that was formerly a low-income economy. Taken together, the ten country Diagnostic Reviews provide a useful overview of the key issues emerging from systematic assessments of consumer protection and financial literacy. 3 Written Testimony by US Treasury Assistant Secretary for Financial Institutions Michael Barr before the US Senate Committee on Banking, Housing and Urban Affairs, July 14, 2009 4 Statement of Sheila C. Bair, Chairman of the Federal Deposit Insurance Corporation, on Modernizing Bank Supervision and Regulation before the US Senate Committee on Banking, Housing and Urban Affairs, March 19, 2009 5 The Diagnostic Reviews, as well as materials from dissemination seminars, can be found at www.worldbank.org/eca/consumerprotection. 2 Background At its heart, the need for consumer protection arises from an imbalance of power, information and resources between consumers and their financial service providers, placing consumers at a disadvantage. Consumer protection aims to address this market failure. Financial institutions know their products well but individual retail consumers may find it difficult or costly to obtain sufficient information regarding their financial purchases.6 In addition, complex financial products can be difficult to assess, even when all relevant information is disclosed. Imbalances are also present in cases where:  Transactions are rare (for example, when providing a mortgage on a personal residence);  Entry or exit costs are low (such as for financial intermediaries), thus allowing disreputable firms to emerge; or  The payoff to the consumer is postponed or very high (for example, long-term investment products, where performance cannot be evaluated for many years and expenses may consume a large part of profits). Consumer protection and financial literacy promote efficiency, transparency and deepening of retail financial markets. The retail public operates in a marketplace where imbalances of information, resources and power are on the side of financial institutions. Consumer protection attempts to redress the imbalance, by giving individuals clear and complete information on which to make informed decisions, by prohibiting financial institutions from engaging in unfair or deceptive practices, and by providing adequate mechanisms to resolve disputes between individuals and financial institutions. Consumers who are empowered with information and basic rights—and who are aware of their responsibilities—provide an important source of market discipline to the financial sector, encouraging financial institutions to compete by offering better products and services rather than by taking advantage of poorly informed consumers. Financial literacy helps consumers understand the information and make risk/return choices that optimize their financial wealth. Consumer protection also improves governance of financial institutions. By strengthening transparency in the delivery of financial services and accountability of financial firms, consumer protection helps build demand for good governance of the sector and the strengthening of business standards in the financial sector. In addition, consumer protection and financial literacy help promote deepening of the retail financial sector, attracting first-time consumers to access financial services and building public trust in financial institutions. Consumer protection also helps financial firms in facing the many risks that arise in dealing with retail customers. In its April 2008 report, the Joint Forum of the Basel Committee on Banking Supervision, the International Organization of Securities Commission and the International Association of Insurance Supervisors identifies three potential key risks related to "mis-selling" financial products to retail customers7. They are: (1) legal risk, if successful lawsuits from collective action by customers or enforcement actions by supervisory agencies result in obligations to pay financial compensation or fines; (2) short-term liquidity risk and long- 6 Technically speaking, asymmetric information raises two main problems: adverse selection and moral hazard. Adverse selection is also referred as the ―lemon problem‖. The academic literature notes that, with imperfect information on the part of lenders or prospective car buyers, borrowers with weak repayment prospects or sellers of low-quality cars ("lemons") crowd out everyone else from the market. See George A. Akerlof, "'The Market for Lemons': Quality Uncertainty and the Market Mechanism", Quarterly Journal of Economics, 1970. This is a different issue from that of borrowers lacking sufficient information to make wise and well-informed financial decisions. 7 The term ―mis-selling‖ generally refers to the situation where the firm sells to a client a product that is not suitable for that client, whether or not a recommendation is made. 3 term solvency risk, if retail customers are treated unfairly and thus shun the financial institution and withdraw their business; and (3) contagion risk, if the problems of one financial institution (or type of financial product) spread across the financial sector.8 Effective consumer protection can help ensure that the actions of financial firms do not make them subject to criticisms of mis- selling. Consumer protection also protects the financial sector from the risk of government over- reactions. The impact of too little consumer protection became evident during the insurance and superannuation scandals in the United Kingdom and Australia, resulting in extensive studies on recommendations for regulatory reform, including consumer disclosure.9 The political response to collapses of parts of the financial sector may be to over-compensate with heavy regulation. Some governments have also resorted to interest rate caps for consumer loans (with questionable results especially on the development of credit markets), as a reaction to increasing public pressure to adopt consumer protection measures. Some regulation of financial markets is needed, at least for consumer protection. As noted by Dani Rodrik (2007), ―Markets will not work on their own. You need all the institutions that regulate markets, stabilize markets, that compensate to losers and provide the safety nets, without which markets can neither be legitimate or, for that matter, efficient, if you don’t have the appropriate regulatory frameworks.‖ 10 George Benston (1999) also suggests that one of the (few) justifications for regulating financial markets is ―protection of consumers from the loss of their investments, fraud and misrepresentation, unfair treatment and insufficient information, incompetent employees of financial-services providers, and invidious discrimination.‖11 Competition policy will not fully address consumer protection issues on its own. Mark Armstrong (2008) notes that in most competitive markets, competition policies are sufficient to ensure that firms succeed by providing consumers with the products and services they want. However Armstrong also argues that more is required to ensure efficient retail financial markets. He notes that policies are needed to provide consumers with comparable information, to increase consumer awareness of market conditions, to reduce consumer search costs, and to clarify hidden costs. They all help give consumers essential information on which to make decisions. He also points to the need for policies to prevent misleading and fraudulent marketing directed at consumers.12 The challenge is to strike the right balance between government regulation and market competition forces. Government intervention should only be considered when it is both feasible and cost-effective to do so. Rules need to be proactive to prevent abuses and not simply react to problems of the past. At the same time, care must be taken since regulation can stifle financial innovation. As noted by US Federal Reserve Board Chairman Ben Bernanke in April 2009, regulators should ―strive for the highest standards of consumer protection without eliminating the 8 Joint Forum of Basel Committee on Banking Supervision, International Organization of Securities Commission and International Association of Insurance Supervisors, Customer suitability in the retail sale of financial products and services, April 2008 9 For additional discussion of scandals, see the Case Studies in the April 2008 report of the Joint Forum of Basel Committee on Banking Supervision et al. 10 PBS NewsHour, Graduate Students Recount Experiences with Globalization, June 1, 2007 11 George J. Benston, Regulating Financial Markets: A Critique and Some Proposals, American Enterprise Institute for Public Policy and Research, 1999 12 Mark Armstrong, "Interactions between Competition and Consumer Policy", Competition Policy International, Volume 4, Number 1, Spring 2008 4 beneficial effects of responsible innovation on consumer choice and access to credit.‖13 To ensure that regulation is both effective and efficient, cost-benefit analyses should be conducted. Codes of conduct for responsible lending are not a substitute for regulation but can be useful in improving business practices of financial institutions. Codes of conduct can encourage financial institutions to follow ethical standards in the treatment of retail customers. They are no substitute for adequate regulation intended to protect the interests of consumers of financial services. However they may provide a useful first step, particularly if the regulator (or supervisor) oversees the codes and reports on the effectiveness of the codes. If the codes are not sufficient to improve business practices, the regulator may then wish to consider introducing new legislation. However in developing countries, self-regulation is frequently less than effective since institutional capacities of industry associations are often limited, financial markets are highly concentrated and dominated by a small number of institutions, the legal framework for financial services is underdeveloped, and the laws and regulations are frequently not effectively applied or enforced. The focus of consumer protection is on the relationship and interaction between a retail customer and a financial institution. Distinguishing between unsophisticated retail and highly sophisticated corporate customers is important when designing successful consumer protection. Transactions with well-informed financial and corporate institutions are not subject to many of the problems that can potentially harm retail consumers. The Good Practices use the definition of the retail market as those economic transactions made between economic operators and final consumers. The retail market is sometimes called the business-to-consumer (or "B2C") market. This market does not include businesses—however small—in their role as purchasers of financial services. The Good Practices relate only to the direct relationship between retail customers and financial institutions (or their agents and intermediaries) although small firms, especially sole proprietorships, often suffer from the same consumer protection issues as consumers. Furthermore the Good Practices do not cover areas such as personal insolvency or collateral registries. Such areas are important parts of the financial sector infrastructure but they are not directly involved in relations between consumers and financial institutions. Design of consumer protection and financial literacy measures should take into account recent research in behavioral economics. Psychological biases may influence consumers to make choices that are neither rational nor optimal. These biases include mistaken beliefs where consumers assume that interest rate charges or penalties will not apply to them: they are over- optimistic about their financial futures and thus unable to forecast their future financial status accurately.14 Individuals often over-estimate their financial capabilities, including their understanding of the concept of the time value of money and the impact of compound interest over time.15 Other consumers fall victim to projection bias, that is, the prediction of personal preferences into the future.16 Other related effects are hyperbolic discounting (where consumers apply a very high discount rate to future income and thus reduce the present value of savings to 13 Chairman Ben S. Bernanke’s Speech Financial Innovation and Consumer Protection at the Federal Reserve System's Sixth Biennial Community Affairs Research Conference, Washington, D.C. April 17, 2009 14 S. Brown, G. Garino, K. Taylor and S.W. Price, Debt and financial expectations: An individual and household level analysis, Working Paper, University of Leicester, 2003. See also N. Weinstein, "Unrealistic Optimism About Future Life Events", Journal of Personality and Social Psychology 39(5): 806-820, 1980 15 Lewis Mandell, Personal Finance Survey of High School Seniors, The Jump$tart Coalition for Personal Financial Literacy, Washington, DC, 2004. Also see ANZ Banking Group, ANZ Survey of Adult Financial Literacy in Australia, Melbourne, 2003 16 G. Loewenstein, T. O’Donoghue and M. Rabin, "Projection Bias in Predicting Future Utility," Quarterly Journal of Economics 118 (4): 1209-1248, 2003 5 very low levels), impulse purchasing and weaknesses in self-control. The research points to the need for surveys of financial literacy and consumer spending habits as essential background for designing not only programs of financial education but also measures for improving consumer information policies. The Good Practices start from the perspective that a financial sector should provide consumers with:  Transparency by providing full, plain, adequate and comparable information about the prices, terms and conditions (and inherent risks) of financial products and services;  Choice by ensuring fair, non-coercive and reasonable practices in the selling and advertising of financial products and services, and collection of payments;  Redress by providing inexpensive and speedy mechanisms to address complaints and resolve disputes; and  Privacy by ensuring control over access to personal financial information. In addition, consumers should have access to programs of financial education that enable them to develop the financial capability required to understand financial products and services and exercise their rights (and responsibilities) as financial consumers. Training in financial issues should also empower consumers to make wise and informed decisions about their finances—and to plan their financial needs over a lifetime. Financial education cannot, however, substitute for adequate financial regulation. Expanding access to financial services is also an important goal, particularly in developing countries. Providing a low-cost bank account, for example, can provide an ―entry-level‖ product that brings new consumers into the financial sector.17 While expanding access to financial services helps spur the economy, both financial institutions and financial consumers need to be responsible in their use of financial services. Need for International Benchmarks on Consumer Protection and Financial Literacy A clear set of internationally accepted practices on consumer protection in financial services would help build a robust global financial architecture. Regulators have noted the pressing need for a set of guidelines of market conduct against which existing policies, laws and regulations, institutions and initiatives can be measured and assessed. Market conduct standards should complement—but not substitute for—prudential regulation. Such a set of guidelines would be significant for any public debate on a national or international level since the discussion to date has suffered from the absence of a set of recognized guidelines against which existing rules or proposed changes could be measured. This has often led policymakers to focus on only a few of many consumer protection issues while neglecting to close gaps in other areas. Well-developed and accepted guidelines are also very important tools when developing benchmarks for surveys of consumer protection and financial literacy levels. 17 For a review of financial access in developing countries—and the pitfalls in providing access to financial services in low-income countries—see World Bank, Finance for All? Policies and Pitfalls in Expanding Access, 2008. See also CGAP, Financial Access 2009: Measuring Access to Financial Services around the World, 2009 6 At the G-20 summit in Pittsburgh in September 2009, leaders noted the need to strengthen the international financial regulatory system. They pointed out that, ―Far more needs to be done to protect consumers, depositors, and investors against abusive market practices, promote high quality standards, and help ensure the world does not face a crisis of the scope we have seen. We are committed to take action at the national and international level to raise standards together so that our national authorities implement global standards consistently in a way that ensures a level playing field and avoids fragmentation of markets, protectionism, and regulatory arbitrage.‖18 Strong consumer protection should be part of a strengthened global financial regulatory system. Several initiatives are underway worldwide to develop useful standards or benchmarks on consumer protection in financial services. In January 2008, the European Commission published its first ―consumer markets scoreboard‖, which identified retail financial services as a priority sector in need of monitoring from a consumer perspective. In October 2008 the European Parliament released its report on measures to increase consumer education and awareness on credit and finance.19 In July 2005, the Council of the Organisation for Economic Co-operation and Development (OECD) distributed a set of principles and good practices for financial education and awareness, followed by the release of good practices on financial education and awareness for insurance and private pensions in 2008, and for consumer credit, including mortgages, in 2009.20 The World Bank has contributed to the dialog by preparing a set of Good Practices for Consumer Protection and Financial Literacy.21 The Good Practices have been used in the Europe and Central Asia Region as a practical assessment tool to evaluate financial consumer protection regimes. They provide a tool for systematic analysis of the laws, regulations and institutions involved in consumer protection and financial literacy—and allow detailed comparisons across different countries. Separate Good Practices were developed for each part of the financial sector. They cover banking, insurance, securities and private pensions, as well as non-bank credit institutions, microfinance institutions and credit reporting systems. The Good Practices are not intended to establish a set of internationally accepted principles such as the Basel Committee’s Core Principles for Effective Banking Supervision, or the Insurance Core Principles of the International Association of Insurance Supervisors (IAIS), or the Principles of Securities Regulation of the International Organization of Securities Commissions (IOSCO). However they provide useful insight that may be helpful in the eventual development of international benchmarks on consumer protection in financial services. The Good Practices were developed using existing international benchmarks and other accepted good practices in the financial sector. The Good Practices are based on accepted international benchmarks such as the principles released by the Basel Committee, IOSCO and IAIS, as well as the OECD recommendations for financial education and awareness on pensions, insurance, and credit products. The Good Practices take the recommendations on how financial institutions should interact with their retail customers and pull the recommendations together in 18 Leaders’ Statement: the Pittsburgh Summit, September 24-25, 2009 19 European Parliament, Report on protecting the consumer: improving consumer education and awareness on credit and finance (2007/2288 (INI)), October 14, 2008 20 OECD, Recommendation on Principles and Good Practices for Financial Education and Awareness, Recommendation of the OECD Council (July 2005); Improving Financial Education and Awareness on Insurance and Private Pensions (2008); and Financial Literacy and Consumer Protection: Overlooked Aspects of the Crisis, OECD Recommendation on Good Practices on Financial Education and Awareness relating to Credit (2009) 21 The first version of Good Practices for Consumer Protection and Financial Literacy in Europe and Central Asia: A Diagnostic Tool was released as a Consultative Draft in August 2008. 7 one report. Where no such relevant principles exist, the Good Practices rely on respected principles of good practice used by various countries aiming to achieve high standards of consumer protection and financial literacy. The Good Practices thus incorporate provisions of the EU Directives, as well as the laws and regulations of New Member States of the EU. Guidance was also provided by laws, regulations and codes of good practice in the United States as well as Australia, Canada, France, Ireland, Malaysia, Mexico, New Zealand, Peru and South Africa. The Good Practices rely on the approaches of developed countries but also incorporate experiences in reforming emerging economies. Over the last 30 years, most work on financial consumer protection has been undertaken in the industrialized countries, although work in other countries (such as Malaysia, Mexico and South Africa) has begun to emerge. The experiences of developed markets may be particularly helpful to regulators in emerging markets as many financial institutions in developing countries are owned by financial institutions from developed countries. The quick transfer of know-how of financial institutions regarding market conduct and understanding of issues (and effects of applied solutions) may significantly help national authorities develop effective answers to issues they are dealing with. As effective approaches emerge from developing countries, they will be incorporated into future revisions of the Good Practices. The Good Practices are applicable both in middle-income and low-income countries. While the Good Practices are based on successful experiences primarily of middle- and high-income countries, the recommendations that emerge are simple and practical—providing easy-to- understand information for consumers, giving consumers a fast and inexpensive way of gaining redress and providing consumers with financial education when and in the form they want it. Low-income countries may wish to phase-in the recommendations. The ideas, however, are of universal application and should be part of consumer protection strategies for countries worldwide. Good Practices for various segments of the financial sector and Checklist of Good Practices across the financial sector have been prepared. The detailed Good Practices for each major segment—banking, securities, insurance, and non-bank credit institutions—are presented with annotations to identify the basis for the proposed Good Practices.22 Good Practices were prepared for the different parts of the financial sector, since most laws and regulatory agencies are specific to different types of financial institutions. However there is also merit in taking a cross-sectoral approach looking at a general set of Good Practices across the financial sector. The cross-sectoral approach is likely to become increasingly significant as more sophisticated financial products become available and the consumer well-being may become threatened by regulatory arbitrage in packaging the products. One example where common rules would significantly benefit the consumer is unit-linked insurance, which often has limited disclosure requirements compared to strict disclosure for investment funds. Similarly the same information should be provided and the same rules applied for mortgages and mortgage alternatives, such as building savings loans or specific consumer credit related to building or renovating. The checklist below provides an initial set of general Good Practices across financial sectors. 22 Proposed Good Practices for private pensions and credit reporting systems were also prepared but they are presented as annexes due to the preliminary nature of the work. Further refinement will be made in the course of future revisions to the Good Practices. 8 Checklist of Good Practices Consumer Protection Institutions  The law should provide clear consumer protection rules regarding financial products and services. The necessary institutional arrangements should be in place to ensure thorough, objective, timely and fair implementation and enforcement of the rules.  Prudential supervision and consumer protection supervision23 can be placed in separate agencies or lodged in a single institution, but balance between prudential supervision and consumer protection is needed.  A principles-based code of conduct for financial institutions should be developed by the financial industry (in consultation with consumer associations if possible) and monitored by a statutory agency. The code may be augmented by voluntary codes of conduct for individual financial institutions.  All legal entities that either collect funds from consumers or lend funds to consumers should be licensed and supervised by the appropriate prudential or market conduct supervisory authority.  The judicial system should provide credibility to the enforcement of the rules. The media and consumer associations should be active in promoting financial consumer protection. Disclosure and Sales Practices  Before a consumer purchases a financial product, the financial institution should provide a written copy of the general terms and conditions as well as those that apply to the product.  For all financial products, consumers should receive a single-page Key Facts Statement, written in plain language, describing the key terms and conditions, and based on industry- agreed standards for the minimum types of information to be published for each type of financial product.  Before making recommendations, financial institutions should gather sufficient information from the consumer to ensure that the product or service is appropriate to that consumer.  Financial products with a long-term savings component—or those subject to high-pressure sales practices—should have a ―cooling-off‖ period when the consumer may cancel the contract without penalty. However, for financial products that are sensitive to changes in interest rates or other market risk factors, consumers who cancel their contracts during the cooling-off period should be required to compensate the financial institution for any out-of- pocket losses.  Whenever a consumer is obliged to purchase any product as a pre-condition for receiving another product from the financial institution, the borrower should be free to choose the product provider.  In their advertising, financial institutions should disclose that they are regulated and by which regulatory agency. 23 Consumer protection regulation/supervision are also called ―market conduct‖ regulation/supervision. 9  Staff of financial institutions who deal directly with consumers should receive adequate training, suitable for the complexity of the products or services being sold.  Industry associations should develop a standard simple format for financial institutions to disclose their annual financial results so the public can form an opinion of the financial viability of each firm. Customer Account Handling and Maintenance  Financial institutions should prepare monthly statements for each customer account regarding key details of financial transactions. For investment products, the customer should receive periodic statements of the value of their investment.  Customers should be individually notified of changes in interest rates, fees, and charges as soon as possible.  Financial institutions should maintain up-to-date customer records and provide customers with ready and free access to their records.  Clearing of customer transactions should be based on clear statutory and regulatory rules— or be subject to effective self-regulatory arrangements.  No financial institution—or third party—should employ abusive collection practices against customers of financial institutions. Privacy and Data Protection  The law should set out basic rules of information sharing among participants of the credit reporting system, including credit registers, reporting institutions and users of credit reports.  The law should set out basic consumer rights regarding information sharing, including access, rectification, blocking and erasing of errors or outdated personal information. Financial institutions should inform customers of their policies for the use and sharing of customer personal information.  The law should specify the extent and timeliness of the updating of customer information, give customers ready and free access to their credit reports (at least once a year) and provide procedures for correcting mistakes on credit reports.  Financial institutions should be obliged to protect the confidentiality and technical security of customer data. The law should state specific rules and procedures concerning the release of customer records to any government authority.  Credit bureaus should be subject to oversight by the appropriate government (or non- government) authority to ensure that they comply with consumer protection provisions of the law, including those related to consumer data. Dispute Resolution Mechanisms  Financial institutions should have clear procedures for handling customer complaints. Financial institutions should maintain up-to-date records of all complaints received. 10  Consumers should have access to an affordable and efficient mechanism for recourse, such as an independent financial ombudsman or equivalent institution with effective enforcement capacity. The institution should act impartially and independently from the appointing authority, the industry, and the institution with which the complaint has been lodged.  Statistics of customer complaints, including those related to breaches of the codes of conduct, should be periodically compiled and published.  Regulatory agencies should be legally obliged to publish statistics and analyses related to their activities regarding consumer protection—and propose regulatory changes or financial education measures to avoid the sources of systemic consumer complaints and disputes. Industry associations should also analyze the complaint statistics and propose measures to avoid recurrence of systemic consumer complaints. Guarantee and Compensation Schemes  The law should ensure that the regulator can take prompt corrective action in the event of distress at a financial institution.  The law on financial insurance or guarantee fund should be clear. In the absence of financial insurance or guarantee fund, there should be an effective and timely payout mechanism in the event of insolvency of a financial institution.  Depositors, life insurance policyholders and pension fund members should enjoy higher priority than other unsecured creditors in the liquidation process of a financial institution. The law dealing with the insolvency of financial institutions should provide for expeditious, cost-effective and equitable provisions to enable the maximum timely refund of deposits to depositors. Financial Literacy and Capability  A broadly based program of financial education and information should be developed to increase the financial capability of the population.  A range of organizations–including government, state agencies and non-governmental organizations–should be involved in developing and implementing the financial capability program. The government should appoint a ministry (e.g. the Ministry of Finance), the central bank or a financial regulator to lead and coordinate the development and implementation of the national program.  Schoolchildren should receive a planned and coherent program of financial education which is designed to give them the competence and confidence to manage their finances well throughout their adult lives.  A range of other initiatives should be undertaken to improve people's financial capability. This should include encouraging the mass media to provide financial education, information and guidance.  Government and state agencies should consult with consumers, industry associations and financial institutions to develop proposals that meet consumers’ needs and expectations. 11 They should also undertake consumer testing to try to ensure that proposed initiatives are likely to have their intended outcomes.  The financial capability of consumers should be measured periodically through a broad- based household survey that is repeated from time to time. Competition  Financial regulators and competition authorities should be required to consult with one another.  Competition policy in financial services should consider the impact of competition issues on consumer welfare, and especially limits on choice.  Competition authorities should conduct and publish periodic assessments of competition in retail financial institutions and make recommendations on how competition in retail financial institutions can be optimized. Future Work Future country-based reviews might look at additional initiatives. Particularly in low-income countries, it would be useful to look at measures that increase the depth of services for under- served households. This might include, for example, the approach of giving all consumers the right to a minimum-service bank account. Analysis should, however, be made of the likely impact (and costs and benefits) of such provisions. It also might be helpful to establish some recommendations regarding self-regulatory organizations, their role in consumer protection and financial education, and their potential role in the supervisory process (in the form of possible co- regulation). Consideration should also be given to ways of making non-government organizations (NGOs) effective participants in measures to strengthen consumer protection and financial literacy—and ensure that they develop stable sources of funding. Diagnostic reviews should include countries in other regions. In particular, the countries of Latin America and East Asia provide valuable experience that would assist in the evolution and refinement of the Good Practices. Also useful would be reviews in low-income countries. Future work should also include developing tools to help regulators define priorities for choosing among the recommendations. National governments are often well-equipped to identify weak points and define what changes should, ideally, be made to reach a better consumer environment. Since all governments are faced with limited resources, however, it would be helpful to provide a tool to assist them in selecting the most important issues requiring attention, namely those with the best potential for positive impact. The positive effect of defining standards for consumer protection would be further strengthened by providing tools for risk analysis (in what order the government should deal with known issues to minimize key risks) and for impact assessment (what the expected changes in the financial sector are and when they can be expected to materialize). 12 GOOD PRACTICES FOR CONSUMER PROTECTION AND FINANCIAL LITERACY I. BANKING SECTOR Good business relationships between the local commercial banks and the public in general are crucial for the development of the economy. There has to be mutual trust and confidence. In the absence of transparency in pricing, adequate consumer awareness and protection, and dispute resolution mechanisms, banking systems have less efficiency and accessibility. A proper assessment of the overall banking sector and the environment in which it operates is critical to determine whether some of the principles listed below are relevant for a particular country. These practices have been distilled from various sources and prevailing and accepted practices in countries reputed to have good consumer protection in the banking sector. It is important to note that the practices have been crafted to enable their use in countries with well developed as well as less developed banking systems. To ensure the usefulness of these good practices, a certain degree of generalization and minimum requirement approach has been taken. This approach has been taken to preserve the fundamental rights of a common consumer vis-à-vis the banking system and to provide relevance in the context of the concerning country. The treatment and handling of checks (in paper and electronic form) and remittances are important aspects of consumer protection of retail financial consumers. However both best practices and international standards have been developed as part of the General Principles for International Remittance Services. A summary is provided in Annex III.24 An overview of the main international consumer protection legislation and regulation for the banking sector is presented in Table 1. Table 1. Overview of Consumer Protection Regulation for the Banking Sector Institution Laws, Regulations, Directives and Guidelines BIS – Bank for Basel Committee on Banking Supervision, Core Principles for Effective Banking Supervision, International September 1997, revised October 2006 Settlements Supervisory Guidance on Dealing with Weak Banks, 2002 BIS-World Bank General Principles for International Remittance Services, 2007 OECD – Organisation Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 for Economic Cooperation and Guiding Principles for Regulatory Quality and Performance, 2005 Development Best Practices for the Formal Exchange of Information Between Competition Authorities in Hard Core Cartel Investigations, 2005 24 International standards and best practices for payment and remittance services have been developed by the World Bank and the Committee on Payment and Settlement Systems of the Bank for International Settlements, i.e., the BIS- World Bank General Principles for International Remittance Services. See references at www.worldbank.org/paymentsystems 13 Institution Laws, Regulations, Directives and Guidelines Recommendation of the Council concerning Merger Review, 2005 Recommendation of the Council concerning Structural Separation in Regulated Industries, 2001 Recommendation of the Council concerning Effective Action against Hard Core Cartels, 1998 Recommendation of the Council concerning Co-operation between Member Countries on Anticompetitive Practices affecting International Trade, 1995 APEC – Asia Pacific APEC Privacy Framework, 2005 Economic Cooperation APEC Policy Dialogue on Deposit Insurance: Key Policy Conclusions, 2004 EU – European Union Directive on Consumer Credit, 1987/102/EEC, as amended Directive on Consumer Credit, 2008/48/EC Directive on Credit Agreements for Consumers, 2008/48/EC, repealing Directive 87/102/EEC Directive on Consumer Protection in the Indication of the Prices of Products offered to Consumers, 1998/6/EC Directive on Unfair Terms in Consumer Contracts, 1993/13/EEC Directive concerning Unfair Business-to-Consumer Commercial Practices in the Internal Market, 2005/29/EC Directive on Misleading and Comparative Advertising, 2006/114/EEC Directive on the Distance Marketing of Consumer Financial Services, 2002/65/EC Directive on Payment Services in the Internal Market, 2007/64/EC Directive on Deposit Guarantee Schemes, 1994/19/EC Directive on Protection of Consumers in Respect of Distance Contracts, 1997/7/EC Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such data, 1995/46/EC Commission Recommendation on the Principles for Out-of-court Bodies involved in the Consensual Resolution of Consumer Disputes, 2001/310/EC Communication from the Commission - Sector Inquiry under Art 17 of Regulation 1/2003 on Retail Banking, COM (2007) 33 final Commission Staff Working Document on the Implementation of the Commission Decisions on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries 2001/497/EC and 2002/16/EC, SEC (2006) 95 Treaty establishing the European Community (EC Treaty), 1957 as amended FATF – Financial Forty Recommendations on Money Laundering, 2003 Action Task Force Nine Special Recommendations on Terrorism Financing, 2001 as expanded in 2004 US – United States of Truth in Lending Act (TILA), 1968 America Truth in Savings Act, 1991 Check Clearing for the 21st Century Act, 2003 Fair Debt Collection Practices Act, 1977 Regulation E – Electronic Fund Transfers, 1966 Federal Trade Commission Act, 1914 Equal Credit Opportunity Act, 1974 UK – United Kingdom Financial Services and Markets Act, 2000 Consumer Credit Act, 1974 14 A. Consumer Protection Institutions A.1. Consumer Protection Regime The law should provide for clear consumer protection rules regarding any regulated financial product or service, and institutional arrangements should be in place to ensure the thorough, objective, timely and fair implementation and enforcement of all such rules. a. Specific statutory provisions need to create an effective regime for the protection of any consumer of a banking product or service. b. Either a general consumer agency or a specialized agency should be responsible for implementing, overseeing and enforcing consumer protection, as well as collecting and analyzing data (including complaints, disputes and inquiries). c. The law should provide for and not prohibit a role for the private sector, including voluntary consumer organizations and self-regulatory organizations, regarding consumer protection in general, and in banking products and services in particular. The legal foundation for recognizing, implementing, overseeing and enforcing consumer protection is the primary prerequisite for any legal rights, including consumer rights in banking. Similarly, supervision and enforcement of the protection of consumer affairs in the financial sector is critical for ensuring consumer protection. In this regard, the assessment carried out so far and the experience of countries around the world clearly support the view that it is necessary to have an agency dedicated to oversee and enforce consumer protection. The right to form voluntary organizations is taken for granted in many countries. Voluntary consumer associations and self regulatory organizations are important pillars in the consumer protection regime and their role should be recognized in the law, in order to provide them with legitimacy and enable them to obtain funding or gather resources. The role of the private sector is also emphasized to provide legitimacy to banks so that they can participate in activities that would otherwise be considered non- banking activities and to enable them to allocate sufficient funding for financial literacy and related consumer protection activities. Some major international and national guidelines have been consulted for the development of this good practice. They include: EU Directive on Credit Agreements for Consumers, 2008/48/EC, repealing Directive 87/102/EEC; EU Directive on Consumer Protection in the Indication of the Prices of Products offered to Consumers, 1998/6/EC; EU Directive on the Distance Marketing of Consumer Financial Services, 2002/65/EC; the US Truth in Lending and Truth in Savings Acts; and the UK Financial Services and Markets Act of 2000 (which set up the Financial Services Authority).25 A.2. Code of Conduct for Banks a. There should be a principles-based, statutory code of conduct for banks that is devised in consultation with the banking industry, and with consumer associations if possible, and is monitored by a statutory agency or an effective self-regulatory agency. 25 In addition, see the OECD Forum, Balancing Globalization, 22-23 May 2006 in Paris; and the International Forum on Financial Consumer Protection and Education. 15 b. Every bank, acting alone and together, should publicize and disseminate this statutory code of conduct to the general public through appropriate means. c. The statutory code should be augmented by voluntary codes of conduct for banks on such matters as facilitating the easy switching of consumers’ current accounts and establishing a common terminology in the banking industry for the description of banks’ charges, services and products. Many banking associations around the world adopt a code of conduct to inform the public of the services and standard of services to be expected from the industry. In most cases, they adopt a list of grand statements that does not mean much to the average customer. Most banking associations operating in the EU have not adopted principles-based code of banking practices. The reason may be that the EU directives on credit and provision of other financial services are detailed enough to ensure good practices. The reality is that consumers‘ financial literacy and the enforcement capacity of authorities in different countries varies and thus, there are varying standards of consumer protection throughout Europe. More countries are adopting detailed principles-based codes of conduct that banks are complying with. These codes use plain language and provide commitments that are clear to the average customer. The codes are also widely disseminated and published on the websites of banks, clearly indicating banks‘ commitments to comply with them. Codes of banking practices are generally adopted and enforced by middle-income and developed countries, such as Hong Kong, the UK, New Zealand, Canada, South Africa and Australia. These codes are principle-based and their compliance is monitored by the regulatory authority in the case of Hong Kong or subject to the jurisdiction of the ombudsman, in the case of South Africa and Australia.26 The codes generally comprise the following:  Governing principles and objectives of the code  The banking ombudsman scheme and mechanisms to deal with complaints  Good conduct relating to communication, privacy and disclosure  Product and services  Issues relating to cheques  Issues on provision of credit  PINs and passwords  Cards, liability and merchant card services  Internet banking  Other services such as foreign exchange services  Statements and account information A.3. Balance between Prudential Supervision and Consumer Protection Where prudential supervision and consumer protection are the responsibility of a single organization, there should be a balance between prudential supervision and consumer protection. 26 For examples of codes of banking practices, see: https://www.fnb.co.za/legallinks/legal/cobp.html and http://www.bankers.asn.au/Default.aspx?ArticleID=446 16 As for compliance, oversight of a code of conduct or consumer protection is not generally seen as being part of the responsibilities of banking regulators. The laws contain no reference to ―consumer protection‖ as a function of the banking supervisor or to the concepts of ―fairness‖ and ―transparency‖. However, it is difficult to say that consumer protection issues should be ignored by regulators. If banks provide a bad or unfair service, this may damage their reputation as well as customer loyalty and confidence. This may also indicate weaknesses in management and internal controls and expose the bank to financial loss, e.g. as a result of ―mis-selling‖ of investment products. Thus, a banking regulator does have an interest in encouraging standards of good banking practice, whereby banks act fairly and reasonably in relation to their customers. The regulator, however, has to determine where to draw the line and in particular has to be careful about intervening in matters that are best dealt with through competitive market forces or resolved through courts. Banking regulators are very often better placed than a third party to strike the balance and avoid undue regulatory burden on the industry. A.4. Other Institutional Arrangements a. The judicial system should provide credibility to the enforcement of the rules on financial consumer protection. b. The media and consumer associations should play an active role in promoting financial consumer protection. Media and consumer associations play an active role in promoting financial consumer protection in many countries. Proper media coverage of consumer mistreatment by financial institutions is an effective tool in promoting consumer protection through ―naming and shaming‖. However, it is important that journalists be educated to understand and transmit information on financial issues adequately. In all European countries, there are consumer associations that deal with financial services.27 If, as in Article 7 of Decision No. 20/2004/EC, specific criteria are fulfilled, the organization might be even supported financially by the EU. Furthermore the EC has created several consultative bodies, such as the Financial Services Consumer Group; and permanent committees include representatives of consumer organizations from each of the EU Member States, which are specifically asked to ensure that consumer interests are properly taken into account in the EU financial services policy. A.5. Licensing All banking institutions that either collect funds from consumers or lend funds to consumers need to be licensed and supervised. This good practice forms the basis and foundation for the prerequisite and enforcement of consumer protection in the banking system (see Basel Core Principle 3). The licensing authority should have the power to set criteria and reject applications for establishments that do not meet the standards set. At a minimum, the licensing process should consist of an assessment of the ownership structure and governance of the bank and its wider group, including the fitness and propriety of Board members and senior management, the bank‘s strategic and operating plan, internal controls and risk management, and its projected financial condition, including its capital base. Where the proposed owner or parent organization is a foreign bank, the prior consent of its home country supervisor should be obtained. 27 For an overview see: http://ec.europa.eu/consumers/cons_org/associations/index_en.htm 17 B. Disclosure and Sales Practices B.1. Know Your Customer (KYC) When making a recommendation to a consumer, a bank should gather, file and record sufficient information from the consumer in order to ensure that the bank’s recommendation, product or service is appropriate to that consumer. The extent of information the bank gathers should: (a) be appropriate to the nature and complexity of the product or service being proposed to or sought by the consumer; and (b) enable the bank to provide a professional service. This is a basic requirement not only for the delivery of the services but also for the purposes of complying with the Basel Core Principle 1828 issued by the Bank for International Settlements (BIS) and with the standards issued by the Financial Action Task Force (FATF). The FATF is an inter-governmental body created with the purpose of combating money laundering and terrorism financing. The FATF Standards are comprised of Forty Recommendations on Money Laundering and Nine Special Recommendations on Terrorist Financing.29 B.2. Affordability When making a recommendation to a consumer, the bank should ensure that: a. Any product or service it offers to that consumer is in line with the need of the consumer; b. When offering any products or services, the consumer is given a range of options to choose from to meet his or her requirement; c. In recommending a product or service to that consumer, sufficient information on the product or service is provided to enable the consumer to select the most suitable product or service; and d. When offering a new credit product or service significantly increasing the amount of debt assumed by the consumer, the consumer’s credit-worthiness is properly assessed. This good practice gleans the spirit of avoiding over-indebtedness and helping consumers make appropriate decisions on their financial needs. It is not uncommon for consumer protection agencies to call on financial service providers to treat customers fairly, make sure that consumers can afford their mortgage credit and, if not, ensure that they contact their lender or a free independent advice agency immediately.30 The EU Directive on Unfair Terms in Consumer Contracts 1993/13/EEC and Directive on Consumer Credit, 2008/48/EC provide guidance with regards to this good practice. B.3. Cooling-off Period Unless explicitly waived in advance by a consumer in writing, a bank should provide the consumer a ―cooling-off‖ period of a reasonable number of days immediately following the 28 Basel Core Principle 18: Abuse of financial services. Supervisors must be satisfied that banks have adequate policies and processes in place, including strict ―know-your-customer‖ rules that promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. 29 See http://www.fatf-gafi.org/document/28/0,3343,en_32250379_32236930_33658140_1_1_1_1,00.html and http://www.fatf-gafi.org/document/9/0,3343,en_32250379_32236920_34032073_1_1_1_1,00.html 30 See FSA’s MoneyMadeClear website: http://www.moneymadeclear.fsa.gov.uk/campaigns/Mortgages.html 18 signing of any loan agreement between the bank and the consumer during which time the consumer may, on written notice to the bank, treat the agreement as null and void without penalty to the consumer of any kind. As it is described, this is an important safeguard for enabling an individual to withdraw from an arrangement with impunity. However for financial products that involve market risk, consumers who cancel their contracts during the cooling-off period should be required to compensate the financial institution for any out-of-pocket losses. For a description of cooling-off periods in several EU Member States, see the EC‘s Discussion Paper for the amendment of the Directive 87/102/EEC concerning consumer credit. 31 B.4. Bundling and Tying Clauses Whenever a borrower is obliged by a bank to purchase any product, including an insurance policy, as a pre-condition for receiving a loan from the bank, the borrower should be free to choose the provider of the product. Market survey suggests that in most EU Member States, the majority of banks tie a current account to mortgages, personal loans and SME loans. From a competition point of view, product tying in retail banking may weaken competition. First, tying raises costs and therefore is likely to reduce customer mobility. Secondly, by binding customers into buying several products from the same bank, tying is likely to discourage the entry of new players and growth of smaller players. Thirdly, by introducing additional and perhaps unnecessary products into the transaction, tying reduces price transparency and comparability among providers. Product tying by one or more undertakings in a particular Member State may constitute an exclusionary abuse of dominance under Article 82 of the Treaty establishing the European Community (EC Treaty), where such undertakings have a dominant position. B.5. Preservation of Rights Except where permitted by applicable legislation, in any communication or agreement with a consumer, a bank should not exclude or restrict, or seek to exclude or restrict: a. Any duty to act with skill, care and diligence toward the consumer in connection with the provision by the bank of any financial service or product; or b. Any liability arising from the bank’s failure to exercise duty to act with skill, care and diligence in the provision of any financial service or product to the consumer. This good practice concerns the obligation to deal fairly and honestly with customers, and the right of privacy and data protection of consumers. This standard requires that consumers can not be forced to underwrite contractual clauses that would significantly reduce their rights. This is reflected in the OECD Guidelines on the Protection of Privacy‘s Accountability Principle (Paragraph 14), and the APEC Privacy Framework‘s Accountability Principle IX, which state that the data controller should be accountable for complying with the measures stated in the OECD and APEC guidelines. The EU Directive on Unfair Business-to-Consumer Commercial Practices states that a commercial practice shall be deemed unfair if it is contrary to the requirements of professional diligence (Article 5). The Directive also indicates that a commercial practice shall be regarded 31 Available at: http://ec.europa.eu/consumers/cons_int/fina_serv/cons_directive/cons_cred1a_en.pdf 19 as misleading if it omits material information that the average consumer needs to take a decision. One of several kinds of material information described in the Directive is ―the arrangements for payment, delivery, performance and the complaint handling policy, if they depart from the requirements of professional diligence‖ (Article 7). B.6. Regulatory Status Disclosure In all of its advertising, whether by print, television, radio or otherwise, a bank should disclose: (a) that it is regulated and (b) the name and address of the regulator. This is in line with responsible and fair advertisement practices. The consumer should be able to verify the claims made by the advertiser. For example, see the UK Financial Services and Markets Act 2000 or the UK Consumer Credit Act 1974. B.7. Terms and Conditions Before a consumer may open a deposit, current (checking) or loan account at a bank, the bank should provide the consumer with a written copy of its general terms and conditions, as well as all terms and conditions that apply to the account to be opened. Collectively, these Terms and Conditions should: a. Disclose details of the bank’s general charges, the bank’s complaints procedures, information about any compensation scheme that the bank is a member of, and an outline of the action and remedies which the bank may take in the event of a default by the consumer; b. Include information on the methods of computing interest rates paid by or charged to the consumer, any relevant non-interest charges or fees related to the product offered to the consumer, any service charges to be paid by the consumer, restrictions –if any– on account transfers by the consumer, and the procedures for closing an account; c. Set forth clear rules regarding the reporting procedures from the consumer and the bank’s liability on: (i) unauthorized transactions, and (ii) stolen cards; and d. Be written in plain language and in a font size and spacing that facilitates the reading of every word. A number of international guidelines have provided the background for this good practice, including EU Directive on Credit Agreements for Consumers 2008/48/EC; EU Directive on Consumer Credit 87/102/EEC; EU Directive concerning Unfair Business-to-Consumer Commercial Practices in the Internal Market 2005/29/EC; EU Directive on Misleading and Comparative Advertising 2006/114/EEC; EU Directive on the Distance Marketing of Consumer Financial Services 2002/65/EC; EU Directive on Protection of Consumers in Respect of Distance Contracts 1997/7/EEC; as well as the US Truth in Lending Act (TILA) and Truth in Savings Act. The purpose of TILA is to promote the informed use of consumer credit by requiring disclosures about its terms and by standardizing the manner in which costs associated with borrowing are calculated and disclosed. TILA also gives consumers the right to cancel certain credit transactions that involve a lien on a consumer's principal dwelling, regulates certain credit card practices, and provides a means for fair and timely resolution of credit billing disputes. The US Truth in Savings Act requires clear and uniform disclosure of the rate of interest (annual percentage yield or APY) and fees that are associated with a savings account, so that the 20 consumer is able to make a meaningful comparison between potential accounts. For example, a customer opening a certificate of deposit account should be provided with information about ladder rates (smaller interest rates with smaller deposits) and penalty fees for early withdrawal of a portion or all of the funds. B.8. Key Facts Statement a. A bank should have a Key Facts Statement for each of its accounts, types of loans or other products. b. The Key Facts Statement should be written in plain language and summarize in a page or two the key terms and conditions of the specific financial product. c. Prior to a consumer opening any account at, or signing any loan agreement with, the bank, the consumer should have delivered a signed statement to the bank to the effect that he or she has duly received a copy of the relevant document from the bank. Key Facts Statements would provide consumers with simple and standard disclosure of key contractual information of a financial product, contributing to the consumers‘ better understanding of the product. The Key Facts Statement would also allow consumers to compare offers provided by different financial institutions before they purchase a financial product—and provide a useful summary for later reference during the life of the financial product. For credit products, Key Facts Statements would constitute an efficient way to inform consumers about the credit reporting systems, their basic rights and the existing possibilities for disputing information. This would be of special importance in countries with new financial consumers who are inexperienced. The UK FSA has developed mandatory key facts statements in the form of initial disclosure documents (or IDDs) applicable to housing credit products. B.9. Advertising and Sales Materials a. Banks should ensure that their advertising and sales materials and procedures do not mislead customers. b. All advertising and sales materials should be easily readable and understandable by the general public. c. Banks should be legally responsible for all statements made in advertising and sales materials. For disclosure and sales practices, one of the main policy issues relates to misleading and comparative advertisement. Several directives in Europe hold financial institutions responsible for the content of their public announcements. These include the EU Directive on the Distance Marketing of Financial Services 2002/65/EC, the EU Directive on Misleading and Comparative Advertising 2006/114/EEC and the Unfair Commercial Practices Directive 2005/29/EEC. B.10. Guarantees No advertisement by a bank should describe either an actual or future deposit or interest rate payable on a deposit as being guaranteed or partially guaranteed unless: a. There is a legally enforceable agreement between the bank and a third party who or which has provided such a guarantee. b. The advertisement states: (i) the extent of the guarantee; 21 (ii) the name and address of the party providing the guarantee; and (iii) in the event that that party is in any way connected to the bank, the precise nature of that connection. The word ―guarantee‖ can be a persuasive element when it comes to ―returns‖ on investment. There is a tendency for the term to be used rather loosely. Furthermore, the actual terms of a guarantee can be legalistic and complicated for the average customer. Thus, advertisements should ensure that the key fact of the guarantee is clearly disclosed to the public to enable the consumer to make an informed decision about the usefulness or relevance of the guarantee. B.11. Professional Competence a. In order to avoid any misrepresentation of fact to a consumer, any bank staff member who deals directly with consumers, or who prepares bank advertisements (or other external distribution channels) or who markets any service or product of the bank should be familiar with the legislative, regulatory and code of conduct guidance requirements relevant to his or her work, as well as with the details of any product or service of the bank which he or she sells or promotes. b. Regulators and industry associations should collaborate to establish and administer minimum competency requirements for any bank staff member who: (i) deals directly with consumers; (ii) prepares any Key Facts Statement or any advertisement for the bank; or (iii) markets the bank’s services and products. The standard of service delivery depends not only on the product but also on the knowledge and technical know-how of the individual delivering the service. Financial products are becoming increasingly complicated, products are overlapping, and the delineation between banking and non-banking products is no longer clear. Thus, it is important that consumers fully understand these complex products before buying them. Most of the time, the industry is expected to ensure that the employees delivering the services are fully knowledgeable about the products and able to explain the nuances to the consumer. In most cases, the industry sets the standard through certification processes. C. Customer Account Handling and Maintenance C.1. Statements a. Unless a bank receives a customer’s prior signed authorization to the contrary, the bank should issue, and provide the customer with, a monthly statement regarding every account the bank operates for the customer. Each such statement should: (i) set out all transactions concerning the account during the period covered by the statement; and (ii) provide details of the interest rate(s) applied to the account during the period covered by the statement. 22 b. Each credit card statement should set out the minimum payment required and the total interest cost that will accrue, if the cardholder makes only the required minimum payment. c. Each mortgage or other loan account statement should clearly indicate the amount paid during the period covered by the statement, the total outstanding amount still owing, the allocation of payment to the principal and interest and, if applicable, the up-to-date accrual of taxes paid. d. A bank should notify a customer of long periods of inactivity of any account of the customer and provide a reasonable final notice in writing to the customer if the funds are to be transferred to the government. e. When a customer signs up for paperless statements, such statements should be in an easy- to-read and readily understandable format. See annotation of good practice B.10. C.2. Notification of Changes in Interest Rates and Non-interest Charges A customer of a bank should be notified in writing by the bank of any change in: a. The interest rate to be paid or charged on any account of the customer as soon as possible; b. A non-interest charge on any account of the customer a reasonable period in advance of the effective date of the change; c. The customer should have the right to exit the contract, if the revised terms are not acceptable to the customer. Banks in many countries provide at least 1- 3 months notice depending on the agreement. In most countries, banks indicate upfront whether the interest rate is fixed or variable, whether it is linked to LIBOR, etc. In such cases, the minimum notice that should be given in the event of a change in the interest rate should be agreed upfront. Interest rate increases that do not comply with the contractually stipulated notice will not be valid and binding on the consumer. The Code of Banking Practices should include this requirement. Consumers' rights to exit contracts were taken from the Guidelines 17 and 19 from the UN Guidelines for Consumer Protection. C.3. Customer Records A bank should maintain up-to-date records in respect of each customer of the bank that contain the following: a. A copy of all documents required to identify the customer and provide the customer’s profile; b. The customer’s address, telephone number and all other customer contact details; c. Any information or document in connection with the customer that has been prepared in compliance with any statute, regulation or code of conduct; d. Details of all products and services provided by the bank to the customer; e. A copy of correspondence from the customer to the bank and vice-versa and details of any other information provided to the customer in relation to any product or service offered or provided to the customer; 23 f. All documents and applications of the bank completed, signed and submitted to the bank by the customer; g. A copy of all original documents submitted by the customer in support of an application by the customer for the provision of a product or service by the bank; and h. Any other relevant information concerning the customer. A law or regulation should provide the minimum permissible period for retaining all such records and, throughout this period, the customer should be provided ready free access to all such records. While the above can be assumed in many countries, rudimentary banking systems do not keep comprehensive information. The list may sound prescriptive but it is regarded as the minimum requirement to ensure sufficient information is kept for the purposes of ensuring customer protection. For more information, see annotation on good practice C.2. C.4. Checks There should be clear rules on the issuance and clearing of checks that, among other things, set reasonable requirements for banks on the following issues: a. For any bank on which a check is drawn, when the account on which it is drawn has insufficient funds; b. For any bank at which a customer of that bank seeks to cash or deposit a check, which is subsequently found to be drawn on an account with insufficient funds; c. Informing the customer of the consequences of issuing a check without sufficient funds, at the time a customer opens a checking account; d. Regarding the crediting of a customer’s account and its timing, when a check deposited by the customer clears; and e. In respect of capping charges on the issuance and clearance of checks. There should be clear rules on consumer protection, including procedures for error resolution. There are a number of international and national guidelines that have been consulted with regards to this good practice, such as the US Check Clearing for the 21st Century Act and important Codes of Banking Practices in Australia and South Africa.32 The check clearing house rules provide guidelines on this good practice. However, these rules are designed for guiding banks and are not disclosed to the public. Thus, it is important that basic principles for bankers, such as the ones stated above, are followed by banks.33 C.5. Electronic Checks a. Customers should be provided with consistent, clear and timely information about the checks and the cost of using them, at all relevant stages in a consumer's decision, in easily accessible and understandable forms. b. Customers should be informed on: (i) how the use of credit card checks differs from the use of a credit card; 32 Available at: https://www.fnb.co.za/downloads/legal/COBP071105.pdf http://www.bankers.asn.au/Default.aspx?ArticleID=446 and https://www.fnb.co.za/legallinks/legal/cobp.html 33 See World Bank Group, Financial and Private Sector Development Vice Presidency, Payment Systems Development Group, Payment Systems Worldwide: a Snapshot. Outcomes of the Global Payment Systems Survey 2008, 2008. See also Annex III for additional information on transparency and consumer protection in payment and remittance systems. 24 (ii) the interest rate that applies and whether this differs from the rate charged for card purchases; (iii) when interest is charged and whether there is no interest free period; (iv) whether additional fees or charges apply and how much; (v) whether purchases using a credit card checks benefit from the same protection as using a credit card. c. Credit card checks should not be sent to consumers without prior consent. d. Authorities should encourage efforts to enable end users to better understand the market for electronic checks, such as providing comparative price information or undertaking educational campaigns. e. There should be clear rules on consumer protection, including procedures for error resolution. The background for this good practice has been provided by the EU Directive on Payment Services in the Internal Market 2007/64/EC, the US Regulation E and the BIS-World Bank‘s General Principles for International Remittance Services. However the Good Practice constitutes only part of the General Principles. For full information on payments and remittance services, see the full text of the General Principles.34 C.6. Electronic Fund Transfers and Remittance a. There should be clear rules on the rights, liabilities and responsibilities of the parties in electronic fund transfers. b. Banks should provide information on prices and service features of electronic fund transfers and remittances in easily accessible and understandable forms. As far as possible, this information should include: (i) the total price (e.g. fees at both ends, foreign exchange rates and other costs); (ii) the time it will take the funds to reach the receiver; (iii) the locations of the access points for sender and receiver; (iv) terms and conditions of the fund transfers services to the customer. c. To ensure full transparency, it should be clear to the sender if the price or other aspects of the service vary according to different circumstances, and the bank should disclose the information without imposing additional requirements on the consumer. d. There should be legal provision requiring documentation of electronic fund transfers. e. There should be clear, publicly available and easily applicable procedures in cases of errors and frauds. f. Authorities should encourage efforts to enable end users to better understand the market for electronic fund transfers and remittances, such as providing comparative price information or undertaking educational campaigns. The following guidelines are relevant for this good practice: BIS-World Bank‘s General Principles for International Remittance Services, EU Directive on Payment Services in the Internal Market 2007/64/EC and US Regulation E. However the Good Practice constitutes only 34 See http://www.bis.org/press/p070123.htm 25 part of the General Principles. For full information on payments and remittance services, see the full text of the General Principles.35 C.7. Debt Recovery a. No bank, agent of a bank or third party should employ any abusive debt collection practice against any customer of the bank, including the use of any false statement, any unfair practice or the giving of false credit information to others. b. The type of debt that can be collected on behalf of a bank, the person who can collect any such debt and the manner in which that debt can be collected should be indicated to the customer of the bank when the credit agreement giving rise to the debt is entered into between the bank and the customer. c. No debt collector should contact any third party about a bank customer’s debt without informing that party of: (i) the debt collector’s right to do so; and (ii) the type of information that the debt collector is seeking. d. Where sale or transfer of debt without borrower consent is allowed by law, borrowers should be: (i) notified of the sale or transfer within a minimum number of days; (ii) informed that they remain obligated on the debt; and (iii) provided with information as to where to make payment as well as contact information on the purchaser. While countries rely on the sanctity of the contract and courts to uphold the right of borrower and prevent abuse by lender, some countries deal with this issue either through the law, directives of regulators, or advisory of the Consumer Protection Agency (see the US Fair Debt Collection Practices Act, or the US Federal Trade Commission (FTC) and the UK Financial Services Authority (FSA) websites.) This good practice encapsulates the spirit of the foregoing concerns. D. Privacy and Data Protection D.1. Confidentiality and Security of Customers’ Information Customers have a right to expect that their financial transactions are kept confidential. The law should require banks to ensure that they protect the confidentiality and security of personal data, against any anticipated threats or hazards to the security or integrity of such information, and against unauthorized access. The confidentiality of identifiable personal information is protected under several international statutes. These include the OECD Guidelines on the protection of privacy and trans-border flows of personal data (Article 2 Scope of Guidelines), the EU Directive on the Protection of 35 See http://www.bis.org/press/p070123.htm 26 Individuals with regard to the Processing of Personal Data 1995/46/EC, and the APEC Privacy Framework (Part ii, Scope). D.2. Sharing Customer’s Information a. A bank should inform its customer in writing: (i) of any third-party dealing for which the bank should share information regarding any account of the customer, such as any legal enquiry by a credit bureau; and (ii) how it will use and share the customer’s personal information. b. No bank shall sell or share account or personal information regarding a customer of the bank to or with any party not affiliated with the bank for the purpose of telemarketing or direct mail marketing. c. The law should allow a customer of a bank to stop or "opt out" of the sharing by the bank of certain information regarding the customer and, prior to any such sharing of information for the first time, every bank should be required to inform each of its customers in writing of his or her rights in this respect. d. The law should prohibit the disclosure of any information of a banking customer by third parties. The EC creates legal security by publishing standardized clauses and model contracts (see Commission Staff Working Document on the Implementation of the Commission Decisions on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries 2001/497/EC and 2002/16/EC). For information processing and sharing, this could serve as an example for a personal data protection agency. D.3. Permitted Disclosures The law should: a. State specific rules and procedures concerning the release to any government authority of the records of any customer of a bank; b. State what the government authority may and may not do with any such records; c. State what exceptions, if any, apply to these rules and procedures; d. Provide for penalties for the bank and any government authority for any breach of these rules and procedures. Each contractual party has to be informed about the retention periods before concluding the contract in plain and understandable language. This holds for the consumer (and borrower) as well as all co-borrowers. Again, the Personal Data Protection Agency may play a greater role in educating the public about credit information sharing. Examples can be derived from the FTC and the UK Information Commissioner‘s Office (ICO). Data retention periods should be based upon international best practices or the statistical power of information and shall not be kept longer than this predictive power lasts. It must be noted that the data retention period differs from country to country. 27 D.4. Credit Reporting Credit reporting systems should be subject to appropriate oversight with sufficient enforcement authority. For a full description of Good Practices for Credit Reporting, see Annex II. The extent of information collected by credit bureau must commensurate with the level of data protection and strength of the law of privacy in the country. E. Dispute Resolution Mechanisms E.1. Internal Complaints Procedure a. Every bank should have in place a written complaints procedure for the proper handling of any complaint from a customer, with a summary of this procedure forming part of the bank’s Terms and Conditions referred to in B.7 above. b. Within a short period of time following the date a bank receives a complaint, it should: (i) acknowledge in writing to the customer/ complainant the fact of its receipt of the complaint; and (ii) provide the complainant with the name of one or more individuals appointed by the bank to deal with the complaint until either the complaint is resolved or cannot be processed further within the bank. c. The bank should provide the complainant with a regular written update on the progress of the investigation of the complaint at reasonable intervals of time. d. Within a few business days of its completion of the investigation of the complaint, the bank should inform the customer/complainant in writing of the outcome of the investigation and, where applicable, explain the terms of any offer or settlement being made to the customer/ complainant. e. When a bank receives a verbal complaint, it should offer the customer/complainant the opportunity to have the complaint treated by the bank as a written complaint in accordance with the above. A bank may not require, however, that a complaint be in writing. f. A bank should maintain an up-to-date record of all complaints it has received that are subject to the complaints procedure. For each complaint, this record should contain the details of the complainant, the nature of the complaint, a copy of the bank's response(s), a copy of all other relevant correspondence or records, the action taken to resolve the complaint and whether resolution was achieved and, if so, on what basis. The bank should make these records available for review by the banking supervisor or regulator as and when requested. Many banking supervisors deal with customer complaints either through the Code of Banking Practices or through their general supervisory power. For instance, the supervisors in Asia leave complaint forms in bank branches, so that the public can send the complaint directly to the banking supervisors. Some supervisors have a special unit dedicated to deal with consumer 28 complaints against supervised financial institutions, even if the objectives of the banking supervisor do not explicitly mention consumer protection as a mandate. Guidance on this good practice derives from the EU Commission Recommendation on the principles for out-of-court bodies involved in the consensual resolution of consumer disputes, 2001/310/EC. E.2. Formal Dispute Settlement Mechanisms a. A system should be in place that allows a customer of a bank to seek affordable and efficient recourse to a third-party banking ombudsman or equivalent institution, in the event the customer’s complaint is not resolved to his or her satisfaction in accordance with the procedures outlined in E.1 above. b. The existence of the banking ombudsman or equivalent institution, and the procedures before this institution, should be set forth in every bank’s Terms and Conditions referred to in B.7 above. c. The banking ombudsman or equivalent institution should be impartial and act independently from the appointing authority, the banking industry and the specific bank with which the complaint has been lodged. d. The decision of the banking ombudsman or equivalent institution should be binding upon the bank with which the complaint has been lodged and this fact, as well as the mechanism to ensure the enforcement of such a decision, should be set forth in every bank’s Terms and Conditions referred to in B.7 above. Few customers have the knowledge to realize that their rights have been infringed and even if they realize, they have very few avenues to pursue their claims. Thus, banks should be mandated to have an internal dispute resolution or complaint handling mechanism, which provides a first- level dispute resolution mechanism. Unless there are voluntary consumer associations that have the resources and skills to assist customers with their complaints or legal actions against banks, consumers do not have many venues to seek redress. The absence of small claims court, as is the case in many countries, prevents an affordable means for the average customer to bring action against sellers, service providers and corporations. Thus, it is not surprising that banking systems around the world seek to establish an Ombudsman that is regarded as a fundamental requirement for sound consumer protection. An Ombudsman can also identify complaints that are few in number but high in importance for consumer confidence in the financial sector—which enables the relevant authorities to take effective action to remedy the situation. Without clear codes of banking practices and standardized contracts, it becomes difficult for the Ombudsman to effectively mediate and ameliorate the problems faced by bank customers. In many countries, the Code of Banking Practices (that is binding on all banks) forms the basis for the Ombudsman‘s jurisdiction and guidance. F. Guarantee Schemes and Insolvency F.1. Depositor Protection a. The law should ensure that the regulator can take prompt corrective action on a timely basis. 29 b. The law on deposit insurance should be clear on: (i) the insurer; (ii) the classes of those depositors who are insured; (iii) the extent of insurance coverage; (iv) the holder of all funds for payout purposes; (v) the contributor(s) to this fund, each event that will trigger a payout from this fund to any class of those insured; (vi) the mechanisms to ensure timely payout to depositors who are insured. c. In the absence of deposit insurance, there should be an effective and timely payout mechanism in the event of insolvency of a bank. Policymakers have choices regarding how they can protect depositors and contribute to financial system stability. Explicit, limited-coverage deposit insurance (a deposit insurance system) has become the preferred choice compared to other alternatives, such as reliance on implicit protection. A deposit insurance system clarifies the authority‘s obligations to depositors, limits the scope for discretionary decisions, can promote public confidence, helps to contain the costs of resolving failed institutions, and can provide countries with an orderly process for dealing with bank failures. The introduction or the reform of a deposit insurance system can be more successful when a country‘s banking system is healthy and its institutional environment is sound. In order to be credible, a deposit insurance system needs to be part of a well-constructed financial system safety net, properly designed and well implemented. It also needs to be supported by strong prudential regulation and supervision, sound accounting and disclosure regimes, and the enforcement of effective laws. An effective deposit insurance system should also be supported by a high level of public awareness about its existence, its benefits and its limitations. A deposit insurance system can deal with a limited number of simultaneous bank failures, but the resolution of a systemic banking crisis requires that all financial system safety-net participants work together effectively. The BIS Core Principle 23 issued in September 2005, the EU Directive on Deposit Guarantee Schemes 1994/19/EC, and the key conclusions of the APEC Policy Dialogue on Deposit Insurance in 2005 have provided guidance for this good practice.36 F.2. Insolvency a. Depositors should enjoy higher priority than other unsecured creditors in the liquidation process of a bank. b. The law dealing with the insolvency of banks should provide for expeditious, cost effective and equitable provisions to enable the maximum timely refund of deposits to depositors. The BIS Supervisory Guidance on Dealing with Weak Banks and other international guidelines stated in the annotation of F.1 above have provided the background for this good practice. 36 See http://www.apec.org/apec/documents_reports/finance_ministers_process/2004.html 30 G. Consumer Empowerment G.1. Broadly based Financial Capability Program A broadly based program of financial education and information should be developed to increase the financial capability of the population. a. A range of organizations –including the government, state agencies and non- governmental organizations– should be involved in developing and implementing the financial capability program. b. The government should appoint a ministry (e.g. the Ministry of Finance), the central bank or a financial regulator to lead and coordinate the development and implementation of the national financial capability program. Financial education, information and guidance can help consumers to budget and manage their income, to save, invest and protect themselves against risks, and to avoid becoming victims of financial fraud and scams. As financial products and services become more sophisticated and households assume greater responsibility for their financial affairs, it becomes increasingly important for individuals to manage their money well, not only to help secure their own and their family's financial well-being, but also to facilitate the smooth functioning of financial markets and the economy. According to OECD analysis, many people have a poor understanding of the financial issues that affect their lives. OECD countries have agreed on new good practices on financial education relating to private pensions and insurance, which call on governments and businesses to work together to improve financial literacy in order to give people the tools they need to secure their future.37 Important conferences and seminars have been organized to raise awareness on this issue, including the International Conference on Financial Education (India, September 2006), the G8 Conference on Improving Financial Literacy (Moscow, November 2006), the International Seminar on Risk Awareness and Education on Insurance Issues (Istanbul, April 2007), the International Forum on Financial Consumer Protection and Education (Budapest, October 2007) and the OECD-US Treasury International Conference on Financial Education (Washington, D.C., May 2008). In order to assist policymakers, the OECD has established the International Gateway for Financial Education to describe, analyze and assess the effectiveness of programs to improve financial literacy. The EU has also recognised the importance of improving people's financial capability38. The term ―financial capability‖ means the ability to manage one's money, keep track of one's finances, plan ahead, choose appropriate financial products and services and stay informed about financial matters39. Financial capability initiatives are complementary to, not a substitute for, consumer protection regulation. The most effective ways of improving people's financial capability vary according to factors such as their age, income level, educational attainment and culture. A range of approaches are needed which reflect the diversity of people's needs and aptitudes. 37 See OECD, Improving Financial Literacy: Analysis of Issues and Policies, September 2005. 38 See European Commission, Communication on Financial Education, 2007 39 This definition, as amended here slightly, is used on the website of the UK Financial Services Authority. 31 These approaches should focus on people's attitudes, as well as on financial education, information and skills. For example, it is not sufficient that people know how to save, they also need to understand the benefits that this can bring them and their families, to recognise that it is worth deferring current expenditure, and to be motivated to set aside money on a regular basis. It is also important to cover basic issues such as budgeting, saving, planning ahead and choosing products, rather than merely to provide information about particular types of financial products and services. There are many bodies –from government, state agencies and non-governmental organizations – which have an interest in improving people's financial capability. They should work together on this issue, so that there is a range of initiatives which, over time, will help to drive up people's ability to manage their personal finances. The government should appoint a ministry (for example, the Ministry of Finance), the central bank or a financial regulator to lead and coordinate the development and implementation of the national financial capability program. This organization should provide drive and momentum; secure the active engagement of a broad range of other organizations; and ensure that priorities are identified and that unnecessary duplication is avoided, so that the most cost-effective use is made of available resources. G.2. Financial Education in Schools Schoolchildren should receive a planned and coherent program of financial education which is designed to give them the competence and confidence to manage their finances well during their adult lives. Financial education should be provided in schools so that schoolchildren gain the understanding, skills and confidence to manage their money as they take on responsibility for managing their own financial affairs. There is unlikely to be room in the curriculum for financial education to be included as a separate subject. However, financial education can be incorporated into a range of other subjects, such as mathematics, life skills and citizenship. Relevant educational bodies should plan students' financial education, so that it is comprehensive and coherent. Schoolchildren are more likely to find financial education engaging where it is interactive (for example, it involves research and problem-solving) and it relates to issues which they regard as relevant to their lives in the reasonably foreseeable future40. So, for example, older students are more likely to react positively to issues regarding saving for a holiday or for a car or to pay for their education, than issues relating to pensions or mortgages. There are many resources41 – for 40 See Shaun Mundy, Financial Education in Schools: Analysis of Selected Current Programmes and Literature – Draft Recommendations for Good Practices, published in proceedings of OECD-US Treasury International Conference on Financial Education, Washington DC, 7-8 May 2008, Volume II 41 See, for example, the US Jump$tart’s Clearinghouse of financial educational tools at www.jumpstartclearinghouse.org; the UK Personal Finance Education Group's website at http://www.pfeg.org/teaching_resources/index.html; the Australian Financial Literacy Foundation's website at www.understandingmoney.gov.au; and the Citi Financial Education Curriculum at http://www.citigroup.com/citi/financialeducation/curriculum/kids.htm. 32 schoolchildren of kindergarten age upwards – which are in use in schools in certain countries and which can potentially be adapted for use in other countries. Many teachers feel that they lack the confidence and competence to manage their own money well. Consideration should be given to the resources and support which teachers need to help equip them to provide effective personal finance education for their students. G.3. Using a Range of Initiatives and Channels, including the Mass Media a. A range of initiatives should be undertaken to improve people's financial capability. b. This should include encouraging the mass media to provide financial education, information and guidance. People learn in different ways. The approaches and channels likely to be most effective will vary according to (among other things) people's age, income level, culture and the style of learning with which they are most comfortable. They are unlikely to absorb all relevant information and guidance the first time they see or hear it: providing the information a number of times, and in a variety of different ways, can help to reinforce key messages. For these reasons, a range of financial capability initiatives should be developed. These can include:  Programs aimed at young people, such as university and college students  Financial education presentations and other facilitated learning in workplaces and local communities (supported by ―train the trainer‖ programs)  Publications and websites  Television, radio and drama. People are more likely to be receptive to financial education and information at certain times in their lives, known as ―teachable moments‖. These include people who are planning to get married, people who are separating from their partner, parents before or after the birth of a child, people starting a new job – particularly if it's their first job, households receiving overseas remittances. The media –particularly television and radio– can play an important role in providing financial education and information. They should be encouraged to make it as accessible as possible to ordinary people –for example, through incorporating it into ―soaps‖ or radio phone-ins. Regulators and/or industry associations can support these initiatives by providing the media with information about current concerns and about different types of financial services and products. G.4. Unbiased Information for Consumers a. Financial regulators should provide, via the internet and printed publications, independent information on the key features, benefits and risks –and where practicable the costs– of the main types of financial products and services. b. Non-governmental organizations should be encouraged to provide consumer awareness programs to the public regarding financial products and services. Consumers and potential consumers are more likely to have the confidence to purchase financial products and services which are suitable for them if they have access to information which is reliable and objective. Financial regulators are well-placed to provide this. For example, the UK 33 Financial Services Authority's consumer website Money Made Clear includes information on a range of products42; provides a facility to download or order leaflets (which can also be ordered by telephone)43; and includes impartial tables44 which people can use to compare the costs and some other features of similar financial products from different companies. G.5. Consulting Consumers and the Financial Services Industry a. The government and state agencies should consult with consumers, industry associations and financial institutions to help them to develop programs that meet consumers' needs and expectations. b. They should also undertake consumer testing to try to ensure that proposed initiatives are likely to have their intended outcomes. In developing financial capability programs, it is helpful to take into account, through consultation, the perspectives of consumers (which, in countries where there are informed and effective consumer organizations, can be undertaken through consulting those organizations) and of financial services firms and/or their trade associations. To ensure that consumers are actively involved in the policy development process, it is recommended that the government, or private sector organizations, either provide appropriate funding to non-governmental organizations for this purpose or create a special entity to lobby on behalf of consumers in the policy-making process. It can also be very beneficial to test proposed initiatives with end-users (that is, a sample of the type of person that the initiative in question is intended to reach) to try to ensure that the initiative will have the intended impact. Among the techniques for doing so are the use of focus groups and pilot studies. G.6. Measuring the Impact of Financial Capability Initiatives a. The financial capability of consumers should be measured through a broad-based household survey that is repeated from time to time. b. The effectiveness of key financial capability initiatives should be evaluated. In order to measure the impact of financial education and information, the financial capability of a sample of the population should be measured by means of large-scale market research that gets repeated from time to time. Financial capability initiatives will take some time to have a measurable impact on the financial capability of a population, so it is likely to be sufficient to repeat the survey every four to five years. In addition, key financial capability initiatives should be evaluated to assess their impact on those people they are intended to reach. This can help policymakers and funders to decide, on an informed basis, which initiatives should be continued (and perhaps scaled up) and which should be modified or discontinued. 42 See http://www.moneymadeclear.fsa.gov.uk/ 43 See http://www.moneymadeclear.fsa.gov.uk/publications 44 See http://www.moneymadeclear.fsa.gov.uk/tools/compare_products.html 34 H. Competition and Consumer Protection H.1. Regulatory Policy and Competition Policy Financial regulators and competition authorities should be required to consult with one another for the purpose of ensuring the establishment, application and enforcement of consistent policies regarding the regulation of financial services. In many countries, general consumer law including the Competition policy in the EU requires a protection of the economic interests of consumers. This includes for instance, protection from misleading and comparative advertising and unfair contract terms. All business practices that restrict, prevent or distort competition are subject to scrutiny.45 H.2. Review of Competition Given the significance of retail banking to the economy as a whole and to the welfare of consumers, competition authorities should: a. Monitor competition in retail banking. b. Conduct and publish periodic assessments of competition in retail banking, and make recommendations on how competition in retail banking can be enhanced. See annotation on H.1 above. Many international guidelines have provided guidance for the development of this good practice including, EC Treaty‘s Articles 81 and 82; EC‘s Sector Inquiry under Art 17 of Regulation 1/2003 on retail banking; OECD‘s non-binding Recommendations on competition law and policy; as well as OECD‘s Best Practices on information exchange in cartel investigations. OECD‘s Recommendations and Best Practices are often catalysts for major change by governments (see Table 1 for an overview of these recommendations and best practices). 45 See European Commission, Directorate-General for Competition, Report on the retail banking sector inquiry, Commission Staff Working Document, SEC(2007) 106, 31 January 2007 35 II. SECURITIES SECTOR Consumer protection in the securities sector has been recognized as critical to the development of the depth and integrity of the securities markets for many years. The relationship between an intermediary or a collective investment undertaking (CIU) and its customers provides for the fair and sound functioning of the securities markets. The maintenance of the integrity of that relationship has been the subject of governmental regulatory action and international cooperation for many years and is the basis for the development of these good practices. An overview of the main international consumer protection legislation and regulation for the securities sector is presented in Table 2. Table 2. Overview of Consumer Protection Regulation for the Securities Sector Institution Laws, Regulations, Directives and Guidelines IOSCO – International Objectives and Principles of Securities Regulation, September 1998 updated as of February 2008 Organization of Securities Commissions Methodology for Assessing Implementation of the IOSCO Objectives and Principles of Securities Regulation, October 2003 updated as of February 2008 EU Directive Concerning Processing Personal Data and Protection of Privacy in the Electronic Communication Sector, 2002/58/EC Directive on Protection of Consumers in Respect of Distance Contracts, 1997/7/EEC Directive on the Distance Marketing of Consumer Financial Services, 2002/65/EC Directive on Misleading and Comparative Advertising, 2006/114/EEC Directive on Markets in Financial Instruments, 2004/39/EC (MiFID) Directive on Investor-Compensation Schemes, 1997/9/EC Directive on Undertakings in Collective Investments in Transferrable Securities, 2009/65/EC, recasting 1985/611/EEC (UCITS) CESR – Committee of A Proposal for a European Regime of Investor Protection: The Harmonization of Conduct of European Securities Business Rules, April 2002 Regulators FINRA – US Financial FINRA Manual: FINRA Rules, including NASD Rules and NYSE Rules being incorporated into the Industry Regulatory Authority FINRA Manual SEC – US Securities and Securities Act of 1933, and regulations promulgated thereunder Exchange Commission Securities Exchange Act of 1934, and regulations promulgated thereunder Investment Company Act of 1940, and regulations promulgated thereunder Investment Advisors Act of 1940, and regulations promulgated thereunder Securities Investors Protection Act of 1970, as amended, which created Securities Investors Protection Corporation 36 A. Investor Protection Institutions A.1. Consumer Protection Regime The law should provide for clear rules on investor protection in the area of securities markets products and services, and there should be adequate institutional arrangements for the implementation and enforcement of investor protection rules. a. There should be specific legal provisions in the law, which creates an effective regime for the protection of investors in securities. b. There should be a governmental agency responsible for data collection and analysis (including complaints, disputes and inquiries) and for the oversight and enforcement of investor protection laws and regulations. A general consensus has developed that investor/consumer protection in the securities markets requires a legal framework and should be regulated by a governmental agency. Source: IOSCO Principles 1-5. A.2. Code of Conduct for Securities Intermediaries and Collective Investment Undertakings a. Securities Intermediaries and CIUs should have a voluntary code of conduct. b. Securities Intermediaries and CIUs should publicize the code of conduct to the general public through appropriate means. c. Securities Intermediaries and CIUs should comply with the code and an appropriate mechanism should be in place to provide incentives to comply with the code. In addition to the governmental regulation, market professionals in the securities market should have a code of conduct that can provide guidance for market professionals and a means by which their customers can evaluate them. Sources: IOSCO Rules 25-29; CESR Standard 10 and Rule 17; and FINRA Manual incorporating NASD Rules Section 2000 Business Conduct. A.3. Other Institutional Arrangements a. The judicial system should provide an efficient and trusted venue for the enforcement of laws and regulations on investor protection. b. The media should play an active role in promoting investor protection. c. The private sector, including voluntary investor protection organizations, industry associations and, where permitted, self-regulatory organizations should play an active role in promoting investor protection. A fair and efficient judicial system is critical for the functioning of any regulatory system. An open and free discussion regarding the financial system in the information media is also critical for a full evaluation of the extent to which a financial system provides protection for investors. In addition, private sector organizations are an important means of disseminating information to consumers in a cost effective manner and should be encouraged within the context of the legal 37 system. Sources: FINRA Manual incorporating NASD Rules Sections 2000 and 3000, and SEC Securities and Exchange Act of 1934 Section 15A. A.4. Licensing a. All legal entities or physical persons that, for the purpose of investment or speculation, solicit funds from the public should be obliged to obtain a license from the supervisory agency. b. The securities supervisory agency should have broad powers to investigate fraudulent schemes. A key measure in preventing the emergence of financial pyramids is the requirement for licensing of all entities that contact the public and solicit funds for investment or speculation. However, a distinction should be made between private solicitations of friends and family versus a public solicitation to an indeterminate number of investors. For the latter, different jurisdictions use different thresholds to identify what is an "indeterminate number", but the threshold is generally between 15 and 50 investors. All persons, legal and physical, that solicit funds from more than 50 investors should be required to be registered with the financial supervisory agency and be obliged to obtain a license for their activities. The securities supervisory agency should have broad powers to investigate Ponzi and other pyramid schemes and then assist the criminal authorities in prosecution. The law should identify a multi-level sales scheme as a pyramid scheme if: (1) the scheme requires a payment for the right to receive compensation for recruiting new salespersons into the plan; (2) there is inventory loading, that is, new salespersons must purchase an unreasonable quantity of a product or service; and (3) purchases of services are required as a condition of entry into the scheme. Sources: IOSCO Principles 8 and 12, CESR Standard 35. B. Disclosure and Sales Practices B.1. General Practices There should be disclosure principles that cover an investor’s relationship with a person buying or selling securities, or offering to do so, in all three stages of such relationship: pre-sale, point of sale, and post-sale. a. The information available and provided to an investor should inform the investor of: (i) the choice of accounts, products and services; (ii) the characteristics of each type of account, product or service; and (iii) the risks and consequences of purchasing each type of account, product or service. b. A securities intermediary or CIU should be legally responsible for all statements made in marketing and sales materials related to its products. 38 c. A natural person acting as the representative of a securities intermediary or CIU should disclose to an investor whether he is licensed to act as such a representative and by whom he is licensed. Disclosure of all relevant information to a customer of a securities intermediary is one of the most important aspects of consumer protection in the securities sector. Full information about the services provided to the customer is critical in giving the customer the ability to make an informed decision as to which intermediary or CIU to use. Sources: (a) IOSCO Principle 23; CESR Standards 37-39; (b) IOSCO Principle 1; and (c) CESR Standard 35 and MiFID Article 19. B.2. Terms and Conditions Before commencing a relationship with an investor, a securities intermediary or CIU should provide the investor with a copy of its general terms and conditions, and any terms and conditions that apply to the particular account. Insofar as possible, the terms and conditions should always be in a font size and spacing that facilitates easy reading. The terms and conditions should disclose: a. Details of the general charges; b. The complaints procedure; c. Information about any compensation scheme that the securities intermediary or CIU is a member of, and an outline of the action and remedies which the investor may take in the event of default by the securities intermediary or CIU; d. The methods of computing interest rates paid or charged; e. Any relevant non-interest charges or fees related to the product; f. Any service charges; g. Any restrictions on account transfers; and h. The procedures for closing an account. This sets out the general disclosure requirements of B.1. in more detail regarding the specific contract that the customer enters into. The point-of-sale disclosure is recognized as the critical moment in sales disclosure due to its immediate impact on the customer to make the decision to invest. Sources: IOSCO Principle 23, CESR Standards 78-79 and Rule 80, and MiFID Article 19. B.3. Professional Competence Regulators should establish and administer minimum competency requirements for the sales staff of securities intermediaries and CIUs, and collaborate with industry associations where appropriate. Since the sales person is the direct link between the intermediary and the customer, the sales persons should be properly qualified and knowledgeable about the products that they are selling. Sources: MiFID Article 9 (only requires managers of investment firms to be qualified) and FINRA Manual incorporating NASD Rules 1030-1032. 39 B.4. Know-Your-Customer Before providing a product or service to an investor, a securities intermediary or CIU should obtain, record and retain sufficient information to enable it to form a professional view of the investor’s background, financial condition, investment experience and attitude toward risk in order to enable it to provide a recommendation, product or service appropriate to that investor. There is a general consensus that a securities intermediary or CIU should obtain information from their customers so that they can deal with them in a manner appropriate to their circumstances. Sources: IOSCO Principle 23, CESR Standard 62 and Rules 63-70, MiFID Article 19 and FINRA Manual incorporating NASD Rule 2310. B.5. Suitability A securities intermediary or CIU should ensure that, taking into account the facts disclosed by the investor and other relevant facts about that investor of which it is aware, any recommendation, product or service offered to the investor is suitable to that investor. There is a general consensus that a securities intermediary should warn customers that certain types of investments are not suitable for them based on their financial situation and investment goals. Sources: IOSCO Principle 23, CESR Standards 72-74 and Rules 75-77, MiFID Article 19 and FINRA Manual incorporating NASD Rule 2310 provide background for this good practice. B.6. Sales Practices Legislation and regulations should contain clear rules on improper sales practices in the solicitation, sale and purchase of securities. Thus, securities intermediaries, CIUs and their sales representatives should: a. Not use high-pressure sales tactics; b. Not engage in misrepresentations and half truths as to products being sold; c. Fully disclose the risks of investing in a financial product being sold; d. Not discount or disparage warnings or cautionary statements in written sales literature; e. Not exclude or restrict, or seek to exclude or restrict, any legal liability or duty of care to an investor, except where permitted by applicable legislation. Legislation and regulations should provide sanctions for improper sales practices. There is a general consensus that the obligation to deal fairly and honestly with customers includes the obligation to use sales practices that do not deceive, defraud or unduly pressure customers to make investment decisions. This obligation should be enforced with legal sanctions in order to make the obligation effective. Source: General duty IOSCO Principle 23 and MiFID Article 19. More specifically, for some of the points a. to f. above, the following guidelines have been consulted: (a) CESR Standard 18 Rule 23; (b) CESR Standard 29 Rule 31 and FINRA Rule 2020; (c) CESR Standards 51 and 52, Rules 53 and 54. Points d. and e. have been developed by the World Bank team. 40 B.7. Advertising and Sales Materials a. All marketing and sales materials should be in plain language and understandable by the average investor. b. Securities intermediaries, CIUs and their sales representatives should ensure their advertising and sales materials and procedures do not mislead the customers. c. Securities intermediaries and CIUs should disclose in all advertising, including print, television and radio, the fact that they are regulated and by whom. Disclosure of adequate information in advertising, marketing and sales materials is another important aspect of consumer protection in the securities sector. Sources (a) CESR Standard 25; (b) CESR Standard 29 and Rule 31, and FINRA Manual incorporating NASD Rule 2210; and (c) CESR Standard 35 and MiFID Article 19. C. Customer Account Handling and Maintenance C.1. Segregation of Funds Funds of investors should be segregated from the funds of all other market participants. In order to protect customer funds in the event of insolvency of an intermediary or CIU, customer funds should be segregated from the assets of the intermediary or CIU in a manner to protect the assets from being a part of the bankruptcy estate of the intermediary and CIU. Sources: IOSCO Principle 23; MiFID Article 13 (7) and (8) that provide arrangements to safeguard client funds, but no statement of segregation; FINRA Manual incorporating NASD Rule 2330; and SEC Securities and Exchange Act of 1934 and Regulation 15c3-3 promulgated thereunder. C.2. Contract Note Investors should receive a detailed contract note from a securities intermediary or CIU confirming and containing the characteristics of each trade executed with them, or on their behalf. The contract note should disclose the commission received by the securities intermediary, CIU and their sales representatives as well as the total expense ratio (expressed as total expenses as a percentage of total assets purchased). Customers should have immediate information as to any transactions in their accounts as well as the terms of the transactions. This enables customers to verify whether the transaction was executed pursuant to the authorization given by the customer. Waiting for such information for a long time period reduces the ability of the customer and intermediary or CIU to correct any mistakes in the transaction. Sources: IOSCO Principle 23, CESR Standard 55 and Rules 58 and 59, and FINRA Manual incorporating NASD Rule 2230. C.3. Statements An investor should receive periodic, streamlined statements for each account with a securities intermediary or CIU, providing the complete details of account activity in an easy-to-read format. 41 a. Timely delivery of periodic securities and CIU statements pertaining to the accounts should be made. b. Investors should have a means to dispute the accuracy of the transactions recorded in the statement within a stipulated period. c. When an investor signs up for paperless statements, such statements should also be in an easy-to-read and readily understandable format. Customers need access to the information regarding their accounts. Providing customers with regular statements on a periodic basis (depending on the activity in the account) has been generally accepted as the best means to provide this information. Sources: For points a. and c. above: (a) IOSCO Principle 23, CESR Standard 56 and Rule 59, and FINRA Manual incorporating NASD Rule 2340; and (c) NASD Notice to Members 98-3 Electronic Delivery of Information between Members and their Customers. Point b. has been developed by the World Bank team. C.4. Prompt Payment and Transfer of Funds When an investor requests the payment of funds in his or her account, or the transfer of funds and assets to another securities intermediary or CIU, the payment or transfer should be made promptly. Investors may need immediate access to their funds in order to meet other financial and personal obligations. The delay in payment of account balances or the closing of accounts reduces confidence and the perception of the integrity of the securities markets. Sources: IOSCO Principle 23 and FINRA Manual incorporating NASD Rule 11870. C.5. Investor Records A securities intermediary or CIU should maintain up-to-date investor records containing at least the following: a. A copy of all documents required for investor identification and profile; b. The investor’s contact details; c. All contract notices and periodic statements provided to the investor; d. Details of advice, products and services provided to the investor; e. Details of all information provided to the investor in relation to the advice, products and services provided to the investor; f. All correspondence with the investor; g. All documents or applications completed or signed by the investor; h. Copies of all original documents submitted by the investor in support of an application for the provision of advice, products or services; i. All other information concerning the investor which the securities intermediary or CIU is required to keep by law; j. All other information which the securities intermediary or CIU obtains regarding the investor. Details of individual transactions should be retained for a reasonable number of years after the date of the transaction. All other records required under a. to j. above should be retained for a 42 reasonable number of years from the date the relationship with the investor ends. Investor records should be complete and readily accessible. The maintenance of books and records is vital to the proper regulation of intermediaries, CIUs and other market participants, as well as the review of the events in individual customer accounts. Without the maintenance of these records, the regulatory system would be ineffective and customer protection would be minimized. Sources: IOSCO Principle 23; CESR Standard 10 Rule 15, requiring the retention of the details of transactions for 5 years after the date of the transaction; SEC Securities and Exchange Act of 1934, and Regulation 17a-3 thereunder; and FINRA Manual incorporating NASD Rule 3110. D. Privacy and Data Protection D.1. Confidentiality and Security of Customer’s Information Investors of a securities intermediary or CIU have a right to expect that their financial activities will have privacy from unwarranted private and governmental scrutiny. The law should require that securities intermediaries and CIUs take sufficient steps to protect the confidentiality and security of a customer’s information against any anticipated threats or hazards to the security or integrity of such information, and against unauthorized access to, or use of, customer information. A consensus has developed that customers have a right to financial privacy and to be free from unwarranted intrusions into their privacy. Because of the requirement for intermediaries and CIUs to know their customers, securities markets professionals often have some of the largest sources of information regarding the financial situation of their customers. Therefore, it is very important that the intermediaries and CIUs have an obligation to keep the financial information of their clients secure from unwarranted access by internal persons in the intermediary and CIU and from external persons. Sources: EU Directive Concerning Processing Personal Data and Protection of Privacy in the Electronic Communication Sector 2002/58/EC, and SEC Securities and Exchange Act of 1934 and Regulation S-P thereunder. D.2. Sharing Customer’s Information Securities intermediaries and CIUs should: a. Inform an investor of third-party dealings in which they should share information regarding the investor’s account, such as legal enquiries by a credit bureau, unless the law provides otherwise; b. Explain how they use and share an investor’s personal information; c. Allow an investor to stop or "opt out" of certain information sharing, such as selling or sharing account or personal information to outside companies that are not affiliated with them, for the purpose of telemarketing or direct mail marketing, and inform the investor of this option. Customers should be aware of how information can be shared with third parties and within the various units or subsidiaries of a financial conglomerate. Many of these shared uses can be 43 beneficial for a customer, but a customer should have the right to stop or prohibit such information sharing if the customer does not find such information sharing to be useful or beneficial to him or her. Sources: EU Directive Concerning Processing Personal Data and Protection of Privacy in the Electronic Communication Sector 2002/58/EC, and SEC Securities and Exchange Act of 1934 and Regulation S-P thereunder. D.3. Permitted Disclosures a. The law should state specific procedures and exceptions concerning the release of customer financial records to government authorities. b. The law should provide for penalties for breach of investor confidentiality. Governmental regulatory authorities have the need to obtain customer information for regulatory purposes and law enforcement purposes. The instances where this is permitted should be clearly stated in the law, as well as procedures for notification or situations where notification is not required. Enforcement for violation of the privacy rules should be made effective by civil, administrative and criminal penalties, for violations of the law. Sources: EU Directive Concerning Processing Personal Data and Protection of Privacy in the Electronic Communication Sector 2002/58/EC, and SEC Securities and Exchange Act of 1934 and Regulation S-P thereunder. E. Dispute Resolution Mechanisms E.1. Internal Dispute Settlement a. An internal avenue for claim and dispute resolution practices within a securities intermediary or CIU should be required by the securities supervisory agency. b. Securities intermediaries and CIUs should provide designated employees available to investors for inquiries and complaints. c. Securities intermediaries and CIUs should inform their investors of the internal procedures on dispute resolution. d. The securities supervisory agency should provide oversight on whether securities intermediaries and CIUs comply with their internal procedures on investor protection rules. Many customer complaints come from misunderstandings or lack of information about their accounts, which can be cleared up internally with the intermediary and CIU. Efficient internal procedures should be in place to handle customer complaints fairly and quickly. Sources: for points a., c. and d. discussed above: (a) IOSCO Principle 23; (c) CESR Standard 78 Rule 80 where a procedure exists, such as arbitration; and (d) IOSCO Principles 1-5. Point b. has been developed by the World Bank team. 44 E.2. Formal Dispute Settlement Mechanisms There should be an independent dispute resolution system for resolving disputes that investors have with their securities intermediaries and CIUs. a. A system should be in place to allow investors to seek third-party recourse, such as an ombudsman or arbitration court, in the event the complaint with their securities intermediary or CIU is not resolved to their satisfaction in accordance with internal procedure, and it should be made known to the public. b. The independent dispute resolution system should be impartial and independent from the appointing authority and the industry. c. The decisions of the independent dispute resolution system should be binding upon on the securities intermediaries and CIUs. The mechanisms to ensure the enforcement of these decisions should be established and publicized. Retail investors frequently invest small sums and the expense of judicial processes can render any successful claim regarding those sums meaningless. Consequently, it is important for retail investors to have an alternate method of dispute resolution which is quick, efficient and inexpensive so that their rights can be enforced. Sources: MiFID Article 53 and FINRA Rule 12000 Code of Arbitration Procedure for Customer Disputes. F. Guarantee Schemes and Insolvency F.1. Investor Protection a. There should be clear provisions in the law to ensure that the regulatory authority can take prompt corrective action on a timely basis in the event of distress at a securities intermediary or CIU. b. The law on the investors guarantee fund, if there is one, should be clear on the funds and financial instruments that are covered under the law. c. There should be an effective mechanism in place for the pay-out of funds and transfer of financial instruments by the guarantee fund or insolvency trustee in a timely manner. d. The legal provisions on the insolvency of securities intermediaries and CIUs should provide for expeditious, cost-effective and equitable provisions to enable the timely payment of funds and transfer of financial instruments to investors by the insolvency trustee of a securities intermediary or CIU. Customer funds should be protected in the event of the insolvency of intermediaries and CIUs where their funds are placed. The insolvency proceedings should provide for a fair and rapid mechanism for the pay out of customer funds. Where permitted by law, an investor guarantee fund can provide an independent, effective mechanism for ensuring that investor funds are protected and returned to them promptly. Sources: IOSCO Principle 24, EU Directive on Investor-Compensation Schemes, and SEC Securities Investor Protection Act of 1970. 45 G. Consumer Empowerment G.1. Broadly based Financial Capability Program A broadly based program of financial education and information should be developed to increase the financial capability of the population. a. A range of organizations–including government, state agencies and non-governmental organizations–should be involved in developing and implementing the financial capability program. b. The government should appoint a ministry (e.g. the Ministry of Finance), the central bank or a financial regulator to lead and coordinate the development and implementation of the national financial capability program. Financial education, information and guidance can help consumers to budget and manage their income, to save, invest and protect themselves against risks, and to avoid becoming victims of financial fraud and scams. As financial products and services become more sophisticated and households assume greater responsibility for their financial affairs, it becomes increasingly important for individuals to manage their money well, not only to help secure their own and their family's financial well-being, but also to facilitate the smooth functioning of financial markets and the economy. Many organizations in both the public and private sector have an interest in improving people's financial capability. They should work together on this issue, so that there is a range of initiatives which, over time, will help to drive up people's ability to manage their personal finances. G.2. Using a Range of Initiatives and Channels, including the Mass Media a. A range of initiatives should be undertaken to improve people's financial capability. b. This should include encouraging the mass media to provide financial education, information and guidance. People learn in different ways. The approaches and channels likely to be most effective will vary according to (among other things) people's age, income level, culture and the style of learning with which they are most comfortable. They are unlikely to absorb all relevant information and guidance the first time they see or hear it: providing the information a number of times, and in a variety of different ways, can help to reinforce key messages. The media is one of the most efficient means of providing education and ongoing information to customers regarding the state of the securities markets and market participants. The regulator should view the media as an effective means of communicating its regulatory activity to a broad cross-section of investors and should provide the media with open access to public, non- confidential information for dissemination to the investing public. Source: This good practice has been developed by the World Bank team. 46 G.3. Unbiased Information for Investors a. Financial regulators should provide, via the internet and printed publications, independent information on the key features, benefits and risks--and where practicable the costs- of the main types of financial products and services. b. Non-governmental organizations should be encouraged to provide consumer awareness programs to the public regarding financial products and services. The regulator should take an active role in consumer education as part of its role to protect consumers. Consumers are better able to protect their interests and investments by making informed decisions prior to their investments, rather than engaging in litigation after an investment has gone awry. Source: IOSCO Principle 4. G.4. Measuring the Impact of Financial Capability Initiatives a. The financial capability of consumers should be measured through a broad-based household survey that is repeated from time to time. b. The effectiveness of key financial capability initiatives should be evaluated. See annotation of good practice G.6 for banking institutions. 47 III. INSURANCE SECTOR Insurance markets in many emerging and developing countries now have rapidly growing consumer components, driven by the introduction of compulsory motor and health insurance, links with credit provision and the growth of micro-insurance technology. Countries follow different approaches in their regulation of insurance institutions. Models include stand-alone supervisors (e.g. Russia, Egypt, Nigeria), integration within the Central Bank (e.g. Czech Republic, Serbia, Rwanda), and integration with the securities supervisor (e.g. Indonesia, Pakistan) and many variations on these basic structures. There are a number of common undesirable industry practices that can be avoided through strengthening consumer rights. These are unrealistic benefit illustrations, poor disclosure of the real costs of products, misleading advertisements, unfair claims settlement practices and not selling to identified needs. Insurance is an industry where agency incentives can be the main driver of the kind of product and quantity sold. Further, multi-level sales through family and friends and tying and bundling (especially if adhesion principles apply under the law), can limit a consumer’s choice and mobility. There are a number of international statutes, regulations and inquiries that provide the background for the developed template, as presented in Table 3. Table 3. Overview of Consumer Protection Regulation for the Insurance Sector Institution Laws, Regulations, Directives and Guidelines UN-United Nations UN Guidelines for the Regulation of Computerized Personal Data Files, adopted by the General Assembly Resolution 45/95 of 14 December 1990 IAIS-International Insurance Core Principles and Methodology, October 2003 Association of Insurance Supervisors Guidance Paper No. 4 on Public Disclosure by Insurers, January 2002 OECD Good Practices for Enhanced Risk Awareness and Education in Insurance Issues, 2008 Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, 2002 Guidelines for Good Practices for Insurance Claims Management, November 2004 APEC APEC Privacy Framework, 2005 EU Directive concerning Life Assurance, 2002/83/EC Directives on Non Life Insurance and Motor Insurance Directive on Insurance Agents and Brokers, 1977/92/EC Directive on Insurance Mediation, 2002/92/EC Directive on Reorganization and Winding-up of Insurance Undertakings, 2001/17/EC Directive Concerning Processing Personal Data and Protection of Privacy in the Electronic Communication Sector, 2002/58/EC Directive on Protection of Consumers in Respect of Distance Contracts, 1997/7/EEC Directive on the Distance Marketing of Consumer Financial Services, 2002/65/EC Directive on Misleading and Comparative Advertising, 2006/114/EEC Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such data, 1995/46/EC 48 Institution Laws, Regulations, Directives and Guidelines Recommendation on the Principles applicable to the Bodies responsible for Out–of-court Settlement of Consumer Disputes, 98/257/EC Recommendation on the Principles for Out-of-court Bodies involved in the Consensual Resolution of Consumer Disputes, 2001/310/EC Green Paper on Retail Financial Services in the EU: Com (2007) 226 Final Policy statement: Nature and consequences of pyramid activities in life and accident insurance: Commission on Financial Services and Insurance, 30 May 1997 The Project Group - Restatement of European Insurance Contract Law submission to the European Commission - Draft Common Frame of Reference (CFR): "Insurance Contract": http://www.restatement.info/ COE - Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108 of 28 January 1981, entered into force on 01 October 1985) and Explanatory Report Other leading jurisdictions US National Association of Insurance Commissioners (NAIC) – Market Conduct Surveillance Model Law, 2004 FTC – Standards for Safeguarding Customer Information, 2002 Australia – Insurance Contracts Act, 1984 Alberta, Canada – Fair Practices Regulation under Insurance Act, 128/ 2001 English and Scottish Law Commissions – Insurance Contract Law: A Joint Scoping Paper, 2005 (http://www.scotlawcom.gov.uk/downloads/cp_insurance.pdf) Latvia – Insurance Contracts Law, September 1998 as amended Czech Republic – The Insurance Contract Act, December 2003 Czech Republic – Act on Insurance Intermediaries and Loss Adjusters, December 2003 Insurance market conduct legislation is most developed in the English speaking world, largely reflecting activist media, an enormous and dynamic case law inventory, and a number of high profile cases such as Equitable in the UK. The EU has more recently become engaged in this area with the passage of the Directive on Certain Aspects of Mediation in Civil and Commercial Matters 2008/52/EC and an ongoing dialogue on the broader consumer protection agenda. In developing and emerging markets, consumer protection tends to be secondary to sectoral development and prudential oversight, and reflects the usual late development of the retail component of insurance markets. In many developing countries, the middle class protect themselves by dealing with reputable international insurers or joint ventures with international partners. However, the development of microinsurance is forcing an earlier consideration of relevant regulation. The Consultative Group to Assist the Poor (CGAP) Microinsurance Working Group and Finmark Trust in South Africa have been separately developing guidelines for this new market. Theoretical and policy studies on financial sector consumer protection are thin on the ground. Such work has acknowledged that consumer protection policy is different, although related to, competition policy. Work done in the late 1990s in particular identified the key role of information. Other work on human cognitive processes is also relevant to the insurance sector as relatively small probabilities of payout are often involved and it is clear that humans are not always rational in such circumstances. The insurance sector, because of a history of weak regulation and misuse for taxation and capital transfer purposes, or even direct fraud, has sometimes attracted less than desirable proprietors. This combined with the almost universal 49 requirement as countries develop that certain classes of insurance be mandatory inevitably means the eventual introduction of specific consumer protection laws and systems (although this sometimes follows rather than precedes politically sensitive scandals). Table 4 presents a list of key readings related to consumer protection for the insurance sector. Table 4. Selected Key Readings on Consumer Protection for the Insurance Sector Canadian Senate, Report of the Standing Committee on Banking Trade and Commerce – Consumer Protection in the Financial Sector – The Unfinished Agenda, June 2006 Hadfield, Gillian K., Robert Howse and Michael J. Trebilcock, ―Information-Based Principles for Rethinking Consumer Protection Policy‖, Journal of Consumer Policy, Volume 21, 1998 Herring, Richard J. and Anthony M. Santomero, ―What is Optimal Financial Regulation?‖, Wharton Financial Institutions Center Working Paper Series, Working Paper No. 00-34, May 1999 US National Association of Insurance Commissioners (NAIC), Personal Lines Regulatory Framework , September 2006 Monti, Alberto, ―The Law of Insurance Contracts in the People’s Republic of China: A Comparative Analysis of Policyholder’s Rights‖, Global Jurists Topics, Volume 1, Edition 3, 2001 UK Financial Services Authority (FSA), Reforming Conduct of Business Regulation, October 2006 UK Parliamentary and Health Services Ombudsman, Equitable Life: A Decade of Regulatory Failure, July 2008 Australian Law Reform Commission, Submissions to the Department of Treasury Review of the Insurance Contracts Act 1984 (Cth), 2003 and 2004 Tarr, A A., Insurance Law and the Consumer, Bond University Law Review, Volume 1, 1989 A. Consumer Protection Institutions A.1. Consumer Protection Regime The law should provide for clear rules on consumer protection in the area of insurance and there should be adequate institutional arrangements for implementation and enforcement of consumer protection rules. a. There should be specific provisions in the law, which create an effective regime for the protection of retail consumers of insurance. b. The rules should prioritize a role for the private sector, including voluntary consumer organizations and self-regulatory organizations. Good practices demand that insurers offering retail products and services are under supervision for consumer protection purposes because of the essentially opaque nature of insurance contracts (they offer a contingent intangible service delivered sometimes well after the contract is entered into), the enforced use of standard contracts (sometimes subject to adhesion rules), and the complexity of the relevant law (whether civil code or common law based). The International Association of Insurance Supervisors (IAIS) Core Principles and Methodology (ICP 25 – Consumer Protection) expresses this as follows: 50 ―The supervisory authority sets minimum requirements for insurers and intermediaries in dealing with consumers in its jurisdiction, including foreign insurers selling products on a cross-border basis. The requirements include provision of timely, complete and relevant information to consumers both before a contract is entered into through to the point at which all obligations under a contract have been satisfied.‖ A.2. Contracts There should be a specialized insurance contracts section in the general insurance or contracts law, or ideally a separate Insurance Contracts Act. This should specify the information exchange and disclosure requirements specific to the insurance sector, the basic rights of insurer and retail policyholder and allow for any asymmetries of negotiating power or access to information. Because of its highly specialized nature and very long history, insurance remains largely subject to a separate specialized body of law. In Civil Code countries, insurance contracts are almost inevitably covered by a separate section of the Civil Code, which will often refer to relevant sections elsewhere in that code. The Civil Code may be supplemented by more specific sections in the insurance law dealing with supervisory and prudential matters. Some common law countries have separate insurance contracts laws, and these may supplement a Civil Code in mixed law jurisdictions (e.g. Czech Republic). Because commercial and industrial insurance usually precedes the development of consumer (retail) insurance markets, the corpus of the insurance law in most developing and many transition markets does not adequately cover B2C situations and such countries often eventually draw on industrial country models. Aside from specifying the minimal contents of an insurance contract (ideally differentiated by the fundamental nature of the coverage – long term, liability, property, etc.), good B2C contract regulations should differentiate between material and non- material non-disclosure, and specify clearly: when the contract goes into force (including cover note situations); when underinsurance justifies the application of average; notification requirements when an insurer wishes to cancel or alter a contract; how contracts will be interpreted in the event of dispute; minimum requirements regarding use of plain words, typeface, etc.; and what clauses may not be included (e.g. warranty clauses, compulsory arbitration on the insurer‘s terms, etc.). Possible approaches are shown below:  Eastern European Countries with separate contracts law – Germany, Czech Republic, Austria, Latvia;  Major other countries with separate insurance contracts law – UK, Australia;  Major countries with Insurance Contracts section in Insurance Law –China, India, US, Brazil, Russia, Canada;  Civil Code/ Law of Obligations only – Italy, Turkey. A.3. Code of Conduct for Insurers a. There should be a principles-based, statutory code of conduct for insurers that is devised in consultation with the insurance industry and with relevant consumer associations, and is monitored and enforced in the last resort by a statutory agency. b. Insurers should publicize the code of conduct to the general public through appropriate means. c. The statutory code should be limited to good business conduct principles. It should be augmented by voluntary codes on matters specific to insurance products or channels. 51 In European legislation, there is no specific demand for establishing codes of conduct in the insurance sector, nor are there provisions that demand the cooperation of the industry and consumer associations. Codes are acknowledged by supervisors and statutory consumer bodies in some other jurisdictions, such as Australia and Malaysia. A selection of codes of conduct for the insurance sector is presented in Table 5. The exact institutional arrangement depends on legislation (for instance, whether there is provision for the legal institution of a statutory code). In some European legislation, it is remarked that the existence of codes alone is not sufficient for full compliance (COE Convention). Table 5. Selected Codes of Conduct for the Insurance Sector Country Institution Code of Conduct Australia National Insurance Brokers’ Association General Insurance Brokers’ Code of Practice Insurance Council of Australia General Insurance Code of Practice Financial Planning Association Financial Planners’ Code of Ethics and Rules of Professional Conduct India Life Insurance Council of India Code of Best Practice for Indian Life insurers Malaysia Life Insurance Association of Malaysia Code of Ethics and Conduct (approved by Bank Nagara) Various codes, including developing a register of insurance agents and insurance brokers against whom complaints have been made; Russia Russian Association of Motor Insurers rules of professional conduct entitled ―Improving the level of service in the MTPL market‖; rules covering the review of claims made by victims and the payment of compensation. South Africa Life Offices’ Association of South Africa Code of Conduct - 24 chapters covering a range of products and activities. UK Association of British Insurers Various codes and guidance notes, including Statement of Best Practice for Long-term Care Insurance, Code of Practice for Endowment Policy Reviews, Statement of Best Practice for Critical Illness Insurance, Best Practice Guide on With-Profit Bonds. Source: World Bank research and Financial Sector Assessment Programs (FSAPs) A.4. Other Institutional Arrangements a. There should be a balance between prudential supervision and consumer protection. b. The judicial system should provide credibility to the enforcement of the rules on financial consumer protection. c. The media and consumer associations should play an active role in promoting financial consumer protection. In countries where insurers fall under the supervision of a body with both market conduct and prudential responsibilities, a balance needs to be found. For instance, in the UK, the FSA is responsible for capital requirements and consumer matters. Similar duties are held by the National Association of Insurance Commissioners‘ (NAIC) certified state insurance departments 52 in the US. On-site inspectors are required to examine both prudential and market conduct aspects of their charges. Both the FSA and many state supervisors in the US provide web-based support to insurance consumers.46 Theoretically it is better to separate these roles (e.g. the Wallis Inquiry – Australia), but institutional reality in many countries means that the prudential supervisor becomes the default recourse for consumers until financial markets have relatively deep penetration into the household sector and formal ombudsmen or equivalents are established (e.g. the UK and Australia47). Media and consumer associations often play a very active role in promoting financial consumer protection in most industrial countries. In all European countries, there are consumer associations that also deal with financial services, and an overview is provided by the European Commission.48 If, as under Article 7 of Decision No. 20/2004/EC, specific criteria are fulfilled, an organization might be even supported financially by the EU (this holds for two organizations as of August 2008, the European Consumers‘ Organization (BEUC) and the European Association for the Co-ordination of Consumer Representation in Standardization (ANEC). Further, the EC has created several consultative bodies, such as the Financial Services Consumer Group, a sub-group of the already existing European Consumer Consultative Group.49 These are permanent committees that encompass representatives of consumer organizations from each of the Member States. They are particularly asked to ensure that consumer interests are properly taken into account in EU financial services policy. Worldwide addresses of consumer associations can be found on the website of Consumers International.50 A.5. Bundling and Tying Clauses Whenever an insurer contracts with a merchant or credit grantor (including banks and leasing companies) as a distribution channel for its contracts, no bundling (including enforcing adhesion to what is legally a single contract), tying or other exclusionary dealings should take place without the consumer being advised and able to opt out. Consumer protection can be used to avoid market power abuse by the dominant players. 51 Vertical restraints between companies of different industries include anti-competitive tying and bundling. Cross-selling that constitutes bundling or tying can have positive demand and supply- side effects, but may also hamper competition and customer mobility. Bundling is the sale of two goods together in a bundle. Firms bundle for several reasons (including economies of scope, price discrimination, demand management or leverage of market power into other market segments). Bundling of faux insurance products has also been used to disguise the real price of associated credit or goods, particularly in Civil Code countries where the doctrine of adhesion applies. Bundling is not per se anti-competitive, but can reduce competition and limit consumer choice, especially if there is a condition to purchase good B together with good A (for instance, a mortgage contract together with payment insurance). 46 See for example the New Jersey Department of Banking and Insurance, Division of Insurance – Consumer Protection Services, http://www.nj.gov/dobi/enfcon.htm. 47 See Australian Financial Ombudsman Service, http://www.fos.org.au/centric/home_page.jsp. 48 See http://ec.europa.eu/consumers/cons_org/associations/index_en.htm 49 The website of the sub-group can be found at http://ec.europa.eu/internal_market/finservices-retail/fscg/index_en.htm 50 See http://www.consumersinternational.org/Templates/Internal.asp?NodeID=97533 51 Bakker, M. R. and A. Gross, Development of Non-bank Financial Institutions and Capital Markets in European Union Accession Countries, World Bank Working Paper No. 28, 2004 53 Positive effects on the demand side exist, when the price of bundled/tied services is lower for consumers than for unbundled goods and if convenience is increased. Supply-side effects may result from reduced costs of providing bundled services. Bundling, however, can increase pricing complexity and reduce market transparency. Thus, competitive strategies of firms do have implications for consumer protection. Bundling further has the potential to render price comparisons impossible. Two criteria are important: (i) the limitation of consumer choice, and (ii) whether other competitors are hindered. In the EU, bundling and tying practices in competition policy refer to Article 81 and Article 82 of the EC Treaty. Bundling and tying that limits consumer choice is widespread in markets with weak competition enforcement and should therefore be one of the components to be evaluated when conducting diagnostic reviews of consumer protection. B. Disclosure and Sales Practices B.1. Sales Practices a. Insurers should be held responsible for product-related information provided to consumers by their agents (i.e. those intermediaries acting for the insurer). b. Consumers should be made aware of whether the intermediary selling them an insurance contract (known as a policy) is acting for them or for the insurer (i.e. in the latter case they have an agency agreement with the insurer). c. If the intermediary is a broker (i.e. acting on behalf of the consumer) then the consumer should be advised at the time of initial contact with the intermediary if commission will be paid by the underwriting insurer. The consumer should have the right to require disclosure of the commission and other costs paid to an intermediary for long-term savings contracts. The consumer should always be advised of the amount of commission and any other expenses paid on single premium investment contracts. d. An intermediary should not be allowed to identically fill broking and agency roles for a given general class of insurance (i.e. life and disability, health, general insurance, credit insurance). e. Sanctions, including meaningful fines and, in the case of intermediaries, loss of license, should apply for breach of any of the above provisions. The main sources of guidance on insurance sales practices in the EU are the consolidated Life Assurance Directive (Chapter 4 and Annex III), the numerous directives covering non life insurance and motor insurance and the Mediation Directive. Annex III of the Life Assurance Directive in particular requires that life insurance consumers are advised of recourse mechanisms at the time of sale. Some EU members such as the UK have disclosure and sales practices that are substantially stronger than those of the Life Assurance Directive and the Mediation Directive, including requiring that full records (sometimes including recordings) of sales transactions are maintained. Other important directives include: EU Directive on the Distance Marketing of Financial Services, 2002/65/EC; EU Directive on Comparative Advertising, 1997/55/EE; and EU Directive 54 on Unfair Commercial Practices, 2005/29/EC, which sets out misleading practices (Articles 6 and 7) with 23 examples in the Annex, and aggressive practices (Articles 8 and 9) with 8 examples. In Article 10, it is explicitly stated that unfair commercial practices may be controlled through codes of conduct. Further, there can be recourse to out-of-court settlement, but the latter shall not be seen as equivalent to judicial or administrative recourse. Outside the EU and its affiliates, the main sources of regulation are again the common law industrial countries, the US and Australia in particular, although there appear to be issues in the US for ―force placed insurance‖ (i.e. where a lending institution is the policyholder and beneficiary and passes on the cost to its customer). Canada has relied to a greater extent on widely publicized and accessible industry codes of ethics and a long established consumer inquiries center.52 B.2. Advertising and Sales Materials a. Insurers should ensure their advertising and sales materials and procedures do not mislead customers. Regulatory limits should be placed on investment returns used in life insurance value projections. b. Insurers should be legally responsible for all statements made in marketing and sales materials they produce related to their products. c. All marketing and sales materials should be easily readable and understandable by the general public. Several directives in Europe hold financial institutions responsible for the content of their public announcements. These are the Directive on the Distance Marketing of Financial Services 2002/65/EC and the Directive on Comparative Advertising 1997/55/EEC. The treatment of wordings in insurance sales material and contracts is most developed in common law countries, where case law has supported the introduction of such concepts as plain meaning interpretations (consensus ad idem), violation of good faith and fair dealing (mala gestio), and bans on warranty clauses that can enable insurers to avoid claims. Common law countries again have more scope to deal with the enormous range of potential transaction types that can arise under property, liability (tort) and credit-related insurance arrangements. Civil code countries tend to rely on specific sections of their Civil Codes or separate Contracts Law (Law of Obligations) and sometimes on strict regulatory/supervisory oversight of transaction and sales material. Thus, courts in common law countries are able to bring all relevant material, including sales documents, to bear in arriving at a judgment. This in turn eventually affects the regulatory environment, while supporting an innovative and competitive market. B.3. Know Your Customer (KYC) The sales intermediary or officer should be required to obtain sufficient information about the consumer to ensure an appropriate product is offered. Formal ―fact finds‖ should be specified for long-term savings and investment products and they should be retained and be available for inspection for a reasonable number of years. 52 See http://www.insurance-canada.ca/index.php. 55 The FSA has pioneered KYC concepts in the insurance sector.53It defines KYC (in the consumer protection as opposed to the money laundering sense) as follows: ―Know your customer (KYC). In the context of advising customers, this is also known as 'factfinding'. It refers to obtaining sufficient information about a customer's personal and financial situation before giving the advice.‖54 KYC standards in the money laundering sense should be implemented by the national supervisory authorities, whereby financial institutions have different degrees of freedom to design their own customer acceptance policies. The key elements of the policy as it relates to the insurance sector can be found in IAIS ICP 28 – Anti Money Laundering, Combating the Financing of Terrorism, which specifically acknowledges the role of the FATF. In practice, and despite the huge international financial flows the insurance sector generates (part of which is known to involve funds transfer), this sector has been relatively untouched by the AML/ CFT community. B.4. Cooling-off Period There should be a reasonable cooling-off period associated with any traditional investment or long-term life savings contract, after the policy information is delivered, to deal with possible high pressure selling and mis-selling. Cooling-off periods (also known as free look periods) are seen primarily as a consumer protection mechanism, although it has been argued that they are also economically efficient.55 The right of withdrawal is enshrined in the Article 6 of the Distance Marketing of Consumer Financial Services Directive. According to its provisions, the consumer has the right to withdraw from a contract without penalty and without giving any reasons. The periods vary with product and are longer for insurance contracts and pension products. The period of withdrawal typically begins with the conclusion of the contract and typically is in the range of two weeks (14 calendar days as stated in the aforementioned directive). The EU Life Assurance Directive specifies a cooling off period of between 14 and 30 days after the ―contract has been concluded‖. Cooling-off periods are not uncommon for long-term insurance products (i.e. life insurance) in industrial countries and some emerging markets, such as Singapore, and cover a relatively wide range of insurance products in others, such as Australia.56 Typically cooling-off periods for long- term insurance products are longer than cooling-off periods for securities (including investment- linked life contracts) because of the onerous early termination penalties that apply to many traditional life insurance savings contracts. In other countries such as Japan, certain products such as variable annuities have cooling-off periods incorporated into their products design. 53 See for example Chapter 14 of FSA, Reforming Conduct of Business Regulation, Consultation Paper, October 2006, available at http://www.fsa.gov.uk/pubs/cp/cp06_19.pdf 54 See http://www.fsa.gov.uk/smallfirms/your_firm_type/credit/library/jargon.shtml 55 Rekaiti, P. and Van den Bergh, R. ―Cooling-Off Periods in the Consumer Laws of the EC Member States. A Comparative Law and Economics Approach‖, Journal of Consumer Policy, November 2004 56 See http://www.asic.gov.au/fido/fido.nsf/byheadline/Cooling+off+rights?openDocument). 56 B.5. Key Facts Statement A Key Facts Statement should be attached to all sales and contractual documents, disclosing the key factors of the insurance product or service in large print. The key facts (and features if intermediary and product are differentiated) requirements are most developed in the UK and reflect the political response to a number of very public scandals, including Equitable.57 Key facts statements are also known as initial disclosure documents or IDDs58. In other countries (e.g. Australia), standardized B2C insurance contracts are established by law, with the right of derogation provided that this is fully disclosed. Some states in the US specifically ban certain wordings (such as warranty clauses) that would enable an insurer to avoid an otherwise legitimate claim. Some US states also lead the way in applying fair dealing concepts. B.6. Professional Competence a. Sales personnel and intermediaries selling and advising on insurance contracts should have sufficient qualifications, depending on the complexities of the products they sell. b. Educational requirements for intermediaries selling long-term savings and investment insurance products should be specified, or at least approved, by the regulator or supervisor. The standard of service delivery depends not only on the product but also on the knowledge and technical know-how of the individual delivering the service. Since the sales person is the direct link between the intermediary or the insurer and the customer, the sales personnel should be properly qualified and knowledgeable about the products that they are selling. Financial products are becoming increasingly complicated. Thus, it is important that consumers fully understand these complex products before buying them. B.7. Regulatory Status Disclosure a. In all of its advertising, whether by print, television, radio or otherwise, an insurer should disclose: (a) that it is regulated, and (b) the name and address of the regulator. b. All insurance intermediaries should be licensed and proof of licensing should be readily available to the general public, including through the internet. This is in line with responsible and fair commercial practices. The status disclosure is important to signal the trustworthiness of the company and indicate the authority that regulates it. B.8. Disclosure of Financial Situation a. The regulator or supervisor should publish annual public reports on the development, health, strength and penetration of the insurance sector either as a special report or as part of the disclosure and accountability requirements under the law governing it. b. Insurers should be required to disclose their financial information to enable the general public to form an opinion with regards to the financial viability of the institution. 57 See http://www.moneymadeclear.fsa.gov.uk/home.html. 58 See http://www.fsa.gov.uk/pubs/other/icob_forms/icob4_annex1.pdf 57 c. If credible claims paying ability ratings are not available, the regulator or supervisor should periodically publish sufficient information on each insurer for an informed commentator or intermediary to form a view of the insurer’s relative financial strength. IAIS ICP 26 (Information, Disclosure and Transparency towards the Market) covers disclosure and is summarized as follows: ―The supervisory authority requires insurers to disclose relevant information on a timely basis in order to give stakeholders a clear view of their business activities and financial position and to facilitate the understanding of the risks to which they are exposed.‖ Virtually every country requires insurers to publish their annual financial statements (or more often summaries thereof) in the print media at least annually. In most industrial and emerging markets, the leading insurers already have websites that include their product offerings and periodic financial statements, including annual reports. Unfortunately, accounting and actuarial standards are still not at international levels in the majority of emerging and developing countries. In industrial countries the relevant IFRS remains mired in controversy, particularly in accounting for the fair value of liabilities. Regardless of context, a high degree of sophistication is required to interpret the financial information provided. As a fallback, some countries (e.g. Pakistan) require that claims paying ability be rated for all insurers, although the relevant rules do not always specify that international rating agencies should be employed. More detailed technical data are available in some industrial countries, most notably in the US, although in other countries (e.g. Australia) certain information such as claims run-off triangles has been withdrawn under industry pressure. C. Customer Account Handling and Maintenance C.1. Customer Account Handling a. Customers should receive periodic statements of the value of their policy in the case of insurance savings and investment contracts. For traditional savings contracts, this should be provided at least yearly, however more frequent statements should be produced for investment-linked contracts. b. Customers should have a means to dispute the accuracy of the transactions recorded in the statement within a stipulated period. c. Insurers should be required to disclose the cash value of a traditional savings or investment contract upon demand and within a reasonable time. In addition a table showing projected cash values should be provided at the time of delivery of the initial contract and at the time of any subsequent adjustments. d. Customers should be provided with renewal notices a reasonable number of days before the renewal date for non-life policies. If an insurer does not wish to renew a contract it should also provide a reasonable notice period. e. Claims should not be deniable or adjustable if non-disclosure is discovered at the time of the claim but is immaterial to the proximate cause of the claim. In such cases, the claim may be adjusted for any premium shortfall or inability to recover reinsurance. 58 f. Insurers should have the right to cancel a policy at any time (other than after a claim has occurred – see above) if material non-disclosure can be established. Insurance law rarely deals with customer account handling in any detail – partly reflecting the huge variation in insurance arrangements that are possible. The EU Life Assurance Directive does require that policyholders are advised of bonus developments, but this does not appear to mean that individual policyholders are regularly advised of the cash value of their contracts. The heavy selling costs associated with traditional life insurance products often means that a contract has no value for some years and there are strong incentives for the life insurance sector to resist cash value disclosure for the first 5 or more years a contract is in force. As markets develop, insurers tend to unbundle the pure risk, and savings/investment components of long-term contracts and disclosure standards often improve. D. Privacy and Data Protection D.1. Confidentiality and Security of Customers’ Information Customers have a right to expect that their financial transactions are kept confidential. The law should require insurers to ensure that they protect the confidentiality and security of personal data, against any anticipated threats, or hazards to the security or integrity of such information, and against unauthorized access. The confidentiality of personally identifiable information, that is any information about an identified or identifiable individual, is protected under several international statutes, such as the OECD Guidelines governing the protection of privacy and trans-border flows of personal data (Article 2 Scope of Guidelines) and the UN Guidelines for the regulation of computerized personal data files, adopted by the General Assembly on 14 December 1990 (Section A Principles concerning the minimum guarantees that should be provided in national legislations). Further, important statutes are the EU Directive on the Protection of Individuals with regard to the Processing of Personal Data 1995/46/EC (Chapter 1, Articles 1-3), the COE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108, 28 January 1981, Chapter 1 General Provisions) and the APEC Privacy Framework (Part ii, Scope). Technical security is also demanded under the above guidelines and directives. A more detailed guideline on such security has been provided by the OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security. In the US, the FTC established guidelines in form of Standards for Safeguarding Customer Information, which obligates financial institutions to hold customer information secure and confidential.59 The use of medical and genetic (biometric) information for the acceptance/ decline and rating of life-related risks is now a major area of debate, but is not within the scope of this note. 59 The document can be downloaded from the FTC’s website: http://www.ftc.gov/os/2002/05/67fr36585.pdf 59 E. Dispute Resolution Mechanisms E.1. Internal Dispute Settlement a. Insurers should provide an internal avenue for claim and dispute resolution to policyholders. b. Insurers should designate employees to handle retail policyholder complaints. c. Insurers should inform their customers of the internal procedures on dispute resolution. d. The regulator or supervisor should provide oversight on whether insurers comply with their internal procedures on consumer protection rules. Insurers should have written policies in place for dispute settlement. A written policy should hold the insurer liable for the announced policy. This policy should offer contact points for the consumer that are accessible during business hours without undue waiting times, state in plain language the main steps of customer dispute resolution, provide firm and reasonable timelines, guarantee fairness in handling a customer dispute, state the coordination with any ombudsman and/or supervisory authority, and explain in plain language the consumer‘s rights in the process. Consumer dispute settlement should not lead to unreasonable costs in terms of time and money for the consumer. The EU Life Assurance Directive requires that policyholders are advised of their right of recourse; however specific provisions of this type are uncommon in insurance law. Consumer protection law sometimes does provide for notification of rights, although insurance transactions may be excluded in certain circumstances (e.g. the latest version of the Croatian Consumer Protection Act, Official Gazette 125/2007). E.2. Formal Dispute Settlement Mechanisms a. A system should be in place that allows consumers to seek affordable and efficient third- party recourse, which could be an ombudsman or tribunal, in the event the complaint with the insurer cannot be resolved to the consumer’s satisfaction in accordance with internal procedures. b. The role of an ombudsman or equivalent institution vis-à-vis consumer disputes should be made known to the public. c. The ombudsman or equivalent institution should be impartial and act independently from the appointing authority and the industry. d. The decisions of the ombudsman or equivalent institution should be binding upon the insurers. The mechanisms to ensure the enforcement of these decisions should be established and publicized. Few customers have the knowledge to realize that their rights have been infringed and even if they become aware of this, they typically have few avenues to pursue their claims. Thus insurers should be mandated to have an internal dispute resolution or complaint handling mechanism, which provides a first level dispute resolution mechanism. Unless there are voluntary consumer associations that have the resources and skills to assist customers with their complaints or legal actions against insurers, consumers do not have many venues to seek redress. 60 The absence of small claims courts, as is the case in many countries, prevents an affordable means for the average customer to bring action against sellers, service providers and corporations. Thus, it is not surprising that a specialized insurance Ombudsman or insurance claims and inquiries service (sometimes as part of an omnibus Ombudsman service as in the UK) is increasingly regarded as a fundamental requirement for sound consumer protection. It can be difficult for an Ombudsman to effectively mediate and ameliorate the problems faced by policyholders without clear codes of insurance practice and standardized contracts. One of the most advanced systems is now to be found in Australia, where an SRO-based insurance inquiries and complaints resolution system has evolved into a fully fledged financial sector ombudsman.60 F. Guarantee Schemes and Insolvency F.1. Guarantee Schemes and Insolvency a. With the exception of schemes covering mandatory insurances, guarantee schemes are not to be encouraged for insurance because of the opaque nature of the industry and the scope for moral hazard. Strong governance and supervision are better alternatives. b. Nominal defendant arrangements should be in place for mandatory insurances such as motor third party liability insurance. c. Assets covering life insurance mathematical reserves and investment contract policy liabilities should be segregated or at the very least earmarked, and long-term policyholders should have preferential access to such assets in the event of a winding-up. Non life insurance is typically subjected to normal commercial wind-up rules in the event of insurer insolvency, and the subsequent claims settlement process is usually handled by specialist run-off companies. Policyholders normally arrange new coverage with the remaining solvent insurers in the market concerned. However, most countries do have claims guarantee arrangements for mandatory consumer classes, such as motor third party insurance. These cover claims that cannot be settled due to insurer bankruptcy or because the guilty driver/ vehicle cannot be identified (i.e. the guarantee fund acts as ―nominal defendant‖). Life insurance is also often deemed to require supplementary arrangements because it can represent a significant asset for the individual or household and may also serve as loan collateral. In this case the usual protection is primarily afforded through separation of life and non life insurers and strong prudential oversight. However, composites (insurers writing both life and non life policies) have been grandfathered in numerous countries and special additional arrangements are required in this situation. This may range from the relatively weak EU Directive on Reorganization and Winding-up of Insurance Undertakings, which requires that the assets covering defined life insurance liabilities are earmarked, to the requirement that completely separate statutory funds are maintained, as in South Africa, Pakistan and Australia. In addition, life policyholders normally rank very high in terms of creditor priority. Most countries also either specify investment limits for the assets covering life insurance mathematical reserves or, where risk-based supervision already operates, require that capital allocated reflects the risk characteristics of the asset portfolio. 60 http://www.fos.org.au/centric/home_page.jsp 61 G. Consumer Empowerment G.1. Unbiased Information for Consumers a. Consumers, especially the most vulnerable, should have access to sufficient resources to enable them to understand financial products and services available to them. b. Financial regulators should provide, via the internet and printed publications, independent information on the key features, benefits and risks--and where practicable the costs–of the main types of financial products and services. c. Non-governmental organizations should be encouraged to provide consumer awareness programs to the public regarding financial products and services. See annotation of good practice G.4 for banking institutions. G.2. Measuring the Impact of Financial Capability Initiatives a. Policymakers, industry and advocates should understand the financial capability of various market segments, particularly those most vulnerable to abuse. b. The financial capability of consumers should be measured through a broad-based household survey that is repeated from time to time. c. The effectiveness of key financial capability initiatives should be evaluated. See annotation of good practice G.6 for banking institutions. 62 IV. NON-BANK CREDIT INSTITUTIONS Consumer finance provided by non-bank credit institutions is an ever more important segment of the credit market. Countries follow different approaches in the regulation of non-bank credit institutions. Some fall under the supervision of the central bank or banking supervisory agency. Others are under the economic development ministry. Non-bank credit institutions conduct consumer lending in most cases without taking cash deposits from the public. Thus they fall outside the scope of prudential regulation. The range of legal forms of the non-bank credit institutions varies, but typically they encompass consumer finance companies (including credit card companies), leasing firms,61 mortgage lenders and pawn shops or credit cooperatives.62 Depending on the country, there may be difficulties in identifying non-bank credit institutions. Government authorities should establish mechanisms that ensure the identification of all non- bank credit institutions. A number of undesirable industry practices by non-bank credit institutions can be avoided through strengthening consumer rights. These include predatory lending, discriminatory pricing, poor disclosure of costs of products and misleading advertisement. Further, tying and bundling practices can limit a consumer’s choice and mobility. Legislation with regards to non-bank credit institutions is especially developed in Europe and in the US. Thus the examples and background for the good practices are primarily drawn from European and US legislation, but they also rely on guidelines and guidance from international institutions such as the BIS as noted in Table 6. Table 6. Overview of Consumer Protection Regulation for Non-Bank Credit Institutions Institution Laws, Regulations, Directives and Guidelines UN UN Guidelines for the Regulation of Computerized Personal Data Files adopted by the General Assembly Resolution 45/95 of 14 December 1990 OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, 2002 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 BIS Basel Committee on Banking Supervision, Consolidated KYC Risk Management, October 2004 Basel Committee on Banking Supervision, Customer Due Diligence for Banks, October 2001 APEC APEC Privacy Framework, 2005 EU Directive on Consumer Credit, 1998/7/EC, amending Directive 87/102/EEC Directive on Consumer Credit, 2008/48/EC Directive on Credit Agreements for Consumers, 2008/48/EC, repealing Directive 87/102/EEC 61 Leasing is captured in the good practices where it is allowed to be directly provided to private persons for purposes other than professional (i.e. for consumption purposes). 62 The good practices exclude microfinance due to the professional purposes for which credits are granted. The report uses the definition of the retail market as those economic transactions made between economic operators and final consumers. The retail market is sometimes called the business-to-consumer (or ―B2C‖) market. This market does not include businesses--however small--in their role as purchasers of financial services. 63 Institution Laws, Regulations, Directives and Guidelines Directive on Unfair Terms in Consumer Contracts, 1993/13/EEC Directive concerning Unfair Business-to-Consumer Commercial Practices in the Internal Market, 2005/29/EC Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such data, 1995/46/EC Directive Concerning Processing Personal Data and Protection of Privacy in the Electronic Communication Sector, 2002/58/EC Directive on Protection of Consumers in Respect of Distance Contracts, 1997/7/EEC Directive on the Distance Marketing of Consumer Financial Services, 2002/65/EC Directive on Markets in Financial Instruments, 2004/39/EC (MiFID) Treaty establishing the European Community (EC Treaty), 1957 as amended COE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No.108 of 28 January 1981, entered into force on 01 October 1985) and Explanatory Report US Consumer Credit Protection Act (15 USC, Chapter 41), 1968 Truth In Lending Act (TILA) (15 USC § 1601), 1968 Fair Credit Billing Act (15 USC § 1637), 1968 Fair Credit Reporting Act (15 USC § 1681), 1970 Equal Credit Opportunity Act (15 USC §§ 1691 - 1691e), 1974 Federal Trade Commission Act (15 U.S.C. §§ 41-58), 1914 Fair Credit Debt Collection Act (15 USC §§ 1692 - 1692o), 1977 FTC – Standards for Safeguarding Customer Information, 2002 A. Consumer Protection Institutions A.1. Consumer Protection Regime The law should provide for clear rules on consumer protection in the area of non-bank credit institutions, and there should be adequate institutional arrangements for implementation and enforcement of consumer protection rules. a. There should be specific provisions in the law, which create an effective regime for the protection of consumers of non-bank credit institutions. b. The supervisory authority for non-bank credit institutions should have a register which lists the names of non-bank credit institutions. c. The rules should acknowledge the role for the private sector, including voluntary consumer organizations and self-regulatory organizations. Good practices demand that non-bank credit institutions are supervised for consumer protection purposes, in order to avoid eroding existing rules in banking by reaping regulatory arbitrage in providing financial services simply under a different institutional category. 64 Non-bank credit institutions in Europe are not exempted from consumer protection provisions, which exist especially in the EU Directive 2008/48/EC on Credit Agreements for Consumers, repealing Directive 87/102/EEC. However, the enforcement of the law differs from country to country and depends on the national institutional circumstances. In general, the industry is free to create its own codes of conduct, which are not specifically demanded by the above quoted directives. A.2. Code of Conduct for Non-Bank Credit Institutions a. There should be a principles-based, statutory code of conduct for non-bank credit institutions that is devised in consultation with the non-bank credit industry and with relevant consumer associations, and is monitored and enforced in the last resort by a statutory agency. b. Non-bank credit institutions should publicize the statutory code to the general public through appropriate means. c. The statutory code should be limited to good business conduct principles. It should be augmented by voluntary codes on matters specific to the industry (credit unions, credit cooperatives, other non-bank credit institutions). In European legislation, neither there is a specific demand for establishing codes of conduct on lending, nor are there provisions that demand the cooperation of the industry and consumer associations. However, there are principles-based codes, such as from the Finance & Leasing Association in the UK. This code, which holds for a number of products (e.g. loans, store cards, credit cards, personal loans), covers lending and information and marketing practices. Table 7 lists lending codes of conduct in ten European countries. Table 7. Selected Codes of Conduct for Lending in Europe Country Original Title Belgium Code of Conduct Comment changer de banque facilement Bulgaria Ethical Code Cyprus Code of Banking Conduct Code for Conduct between Banks and Small and Medium-sized Enterprises Czech Republic Code of Conduct on Relations Between Banks and Clients Ethical Code of the Czech Banking Association Finland Good Banking Practice Hungary Code of Ethics Ireland Business Account Switching Code Code of Practice on Switching Accounts Code of Practice on Mortgage Arrears Luxembourg Consumer Protection Code Netherlands Code of Conduct for the Processing of Personal Data by Financial Institutions Code of Conduct on Mortgage Credit Switch Support Service 65 Country Original Title UK Banking Code Business Banking Code Code of Conduct for the Advertising of Interest Bearing Accounts Code of Conduct of the Finance & Leasing Association Europe European Agreement on a Voluntary code of conduct Pre-contractual Information for Home Loans Source: European Credit Research Institute The institutional arrangements depend on legislation (for instance, whether it provides for the legal institution in terms of a statutory code). However the COE Convention on the protection of personal data notes that the existence of codes alone is not sufficient for full compliance. A.3. Other Institutional Arrangements a. There should be a balance between supervision and consumer protection in the banking supervisory agency. b. The judicial system should provide credibility to the enforcement of the rules on financial consumer protection. c. The media and consumer associations should play an active role in promoting financial consumer protection. In countries where non-bank credit institutions fall under supervision of the banking regulator, such supervision should be equally balanced with consumer protection. At the same time, an effective court system is also needed for credible enforcement of the rules. Media and consumer associations play a very active role in promoting consumer financial protection in Europe, including with regards to non-bank financial institutions. In all European countries, there are consumer associations that deal with financial services.63 Organizations might even be supported financially by the EU if specific criteria are fulfilled (Article 7 of the EU Decision No. 20/2004/EC establishing a General Framework for Financing Community Actions in support of Consumer Policy for the Years 2004 to 2007 and Article 5 of the EU Decision No. 1926/2006/EC establishing a Programme of Community Action in the field of Consumer Policy 2007-2013). This is the case for two organizations as of August 2008, ANEC and BEUC. Furthermore the EC has created several consultative bodies, such as the Financial Services Consumer Group, a sub-group of the already existing European Consumer Consultative Group.64 Permanent committees encompass representatives of consumer organizations from each of the EU Member States. They are specifically asked to ensure that consumer interests are properly taken into account in the EU financial services policy. Another group is the European Consumer Debt Network, a network of debt counselors in different countries. Addresses of worldwide consumer associations can be found on the website of Consumers International.65 63 For an overview see: http://ec.europa.eu/consumers/cons_org/associations/index_en.htm 64 See http://ec.europa.eu/internal_market/finservices-retail/fscg/index_en.htm 65 See http://www.consumersinternational.org/Templates/Internal.asp?NodeID=97533 66 A.4. Registration of Non-Bank Credit Institutions All financial institutions that extend any type of credit to households should be registered with a financial supervisory authority. The authority should have the power to set criteria and reject applications for establishments that do not meet the standards set. The authority should verify that the significant owners (and those who control ownership), as well as the senior managers of the financial institutions, satisfy minimal fit and proper requirements, including no history of bankruptcy or criminal conviction. B. Disclosure and Sales Practices B.1. Know Your Customer (KYC) Non-bank credit institutions should gather, file or record sufficient information appropriate to the risk of the transaction, the nature and complexity of the product or service being sought by the consumer. The Basel Committee on Banking Supervision of the BIS sets the international guidelines on KYC policies for credit institutions. According to the Basel Committee‘s Customer Due Diligence for Banks, absence of such policies may subject banks and other financial institutions to severe reputational, operational, legal and concentration risks. Although non-bank financial institutions that are not deposit-taking can not be used for money laundering, identification of customers is in their interest due to high fraud risk. KYC standards should be implemented by the national supervisory authorities, whereby financial institutions have different degrees of freedom to design their own customer acceptance policies. The key elements of the policy have been described in several documents.66 Typically, the degree of due diligence depends on the risks associated with the transaction and the particular client.67 For instance, for identification, one standard is to use the ‗most difficult to obtain illicitly and to counterfeit‘ documents such as government-issued identity documents. In some developing countries, regulators have started to experiment with a decrease in KYC requirements for small transaction accounts (e.g. in India, Maldives and South Africa, among others). However, there are no international guidelines about how this is best conducted. 66 See the following documents of the Basel Committee on Banking Supervision: The Prevention of Criminal Use of the Banking System for the Purpose of Money Laundering, 1988; Core Principles for Effective Banking Supervision, 1997 revised in 2006; Core Principles Methodology, 1999. 67 According to the Basel Committee’s Customer Due Diligence for Banks, ―customer‖ includes both natural persons and legal entities, represented by agents whose identity also has to be verified, as well as trustees, beneficial owners or main shareholders. 67 B.2. Affordability Non-bank credit institutions should ensure that, under consideration of relevant information (disclosed by the consumer or third parties), any product or service offered to a consumer is adequately based upon affordability. Affordability looks at whether a consumer can afford additional debt obligations once the monthly income net of financial and living expenses (including rent or mortgage payments) is considered. Households might have different tolerances with respect to the share of current income they want to devote to debt-servicing. Assessment of affordability differs from that of creditworthiness. Creditworthiness involves estimating default or delinquency risks and is a component of responsible lending. In the EU Consumer Credit Directive (Article 8), this concept includes the requirement to obtain information from the consumer as well as the relevant database, such as a credit bureau. In some Member States, the latter is even required. Creditworthiness should be re-assessed before any significant increase in the amount of credit. The provisions of the EU Consumer Credit Directive hold for all lenders, including non-bank credit institutions. Products covered include all credit contracts between €200- €75.000.68 The provisions only apply to contracts in which the consumer has to pay interest. Deferred payment cards and mortgage credit are not included. In addition, in the US, a number of new consumer protection provisions have been proposed for the Federal Reserve Board‘s Unfair or Deceptive Acts or Practices (Regulation AA), the Truth in Lending Act and the Truth in Savings Act. As of mid-July 2008, the Federal Reserve Board has approved measures to ensure responsible lending in mortgage markets. One of the key provisions is a lender‘s responsibility to assess the repayment ability of a borrower by checking income and other assets, excluding the home‘s value. In South Africa, over-indebtedness, reckless lending and debt counseling are regulated in Chapter 3 Part D of the National Credit Act Regulations of May 31, 2006. This legislation regulates what information should be sent to the National Credit Register as well as what information should be submitted to debt counselors. Under Part D, 24 (7), a consumer is considered to be over-indebted if his or her total monthly debt payments exceeds the balance derived by deducting the minimum living expenses from the net income. B.3. Cooling-off Period Unless explicitly waived by the consumer in writing, there should be a cooling-off period associated with all credit products. The right of withdrawal is enshrined in Article 6 of the Distance Marketing of Financial Services Directive. According to the provisions, the consumer has the right to withdraw from a contract without penalty and without giving any reasons. The periods vary with product and are longer for insurance contracts and pension products, which involve long-term savings and may be subject to distribution systems such as ―multi-level selling‖, which are often associated with high-pressure sales tactics. The period of withdrawal typically begins with the conclusion of the contract and is usually in the range of two weeks (14 calendar days as stated in the EU Directive). The length of the cooling-off period should relate to the type of financial product being sold and should not apply to market-sensitive products such as foreign exchange, money market 68 Guarantors are excluded. 68 instruments, transferable securities, and financial future contracts, swaps and options. The right to withdrawal (cooling off) does not apply to credit intended for land property or for mortgages. B.4. Bundling and Tying Clauses Whenever a non-bank credit institution contracts with a merchant as a distribution channel for its credit contracts, no bundling, tying or other exclusionary dealings should be permitted. Cross-selling that constitutes bundling or tying can have positive demand and supply-side effects. However bundling may also hamper competition and customer mobility. Bundling is the sale of two goods together. Firms bundle for several reasons, such as economies of scope, price discrimination, demand management or leverage of market power into other market segments. Positive effects on demand exist when the price of bundled/tied services is lower for consumers than for unbundled goods and if convenience is increased. Bundling is not per se anti- competitive: it only becomes anti-competitive if market power is leveraged to the detriment of competitors. However bundling can be used by financial institutions to reduce competition and limit consumer choice, especially if there is a condition to purchase good B together with good A (for instance, a mortgage contract together with payment insurance). Furthermore bundling can increase pricing by obscuring costs for consumers and rendering price comparisons impossible. However consumer protection can be used to avoid market power abuse by dominant players.69 Bundling that limits consumer choice is often widespread in markets with weak competition enforcement and should therefore be evaluated when conducting diagnostic reviews of consumer protection. Two criteria are important for consideration: (i) the limitation of consumer choice and (ii) whether other competitors are hindered. In the EU, bundling and tying practices in competition policy are found in Article 81 and Article 82 of the EC Treaty. B.5. Advertising and Sales Materials a. Non-bank credit institutions should ensure that their advertising and sales materials and procedures do not mislead customers. b. All advertising and sales materials should be easily readable and understandable by the general public. c. Non-bank credit institutions should be legally responsible for all statements made in advertising and sales materials. For disclosure and sales practices, one of the main policy issues relates to misleading and comparative advertisement. Several directives in Europe hold non-bank credit institutions responsible for the content of their public announcements, such as the EU Directive on the Distance Marketing of Consumer Financial Services 2002/65/EC and the EU Directive on Misleading and Comparative Advertising 2006/114/EEC. Furthermore, the EU Directive on Credit Agreements for Consumers 2008/48/EC (Article 9 on pre-contractual information) mandates what information has to be included in contracts with consumers. In the US, provisions can be found in the TILA of 1968 and the Federal Trade Commission Act (Section 5). 69 Bakker, M. R. and Alexandra Gross, Development of Non-bank Financial Institutions and Capital Markets in European Union Accession Countries, World Bank Working Paper No. 28, 2004 69 Other important provisions include the Unfair Commercial Practices Directive 2005/29/EC, which sets out misleading practices (Article 6, 7) and illustrates them with 23 examples in the Annex, and establishes aggressive practices (Article 8, 9) with 8 examples in the Annex. B.6. General Practices Disclosure and sales practices should be included in the non-bank credit institutions’ code of conduct and monitored by the supervisory authority. The Unfair Commercial Practices Directive explicitly states in Article 10 that unfair commercial practices may be controlled through codes of conduct. Further, there can be recourse to out-of- court settlement, but the latter shall not be seen as equivalent to judicial or administrative recourse. Once a code of conduct exists, non-bank credit institutions should bind themselves to fair disclosure and sales practices. B.7. Disclosure of Financial Situation a. The regulator or supervisor should publish annual public reports on the development, health, strength and penetration of the non-bank credit institutions, either as a special report or as part of the disclosure and accountability requirements under the law governing it. b. Non-bank credit institutions should be required to disclose their financial information to enable the general public to form an opinion with regards to the financial viability of the institution. Non-bank credit institutions encompass consumer finance companies (including credit card companies), leasing firms,70 mortgage lenders and pawn shops or credit cooperatives. It differs from country to country whether these institutions are under the supervision of the banking regulator. In some countries, lending to consumers is considered to be a banking activity and a license is needed to be able to conduct it. In other countries, consumer finance companies fall out of the scope of the supervision of the banking regulator. Therefore, it depends on the country whether non-bank credit institutions are covered in the banking regulator‘s report. In Europe, not all national supervisors collect statistical information on products provided by non-bank financial institutions that provide credit. The European Credit Research Institute collects these data only for a sub-sample of the countries.71 Also the typology of lenders differs. It is a good practice that the supervision of non-bank credit institutions also requires the publication of annual reports. 70 Leasing is captured in the good practices where it is allowed to be directly provided to private persons for purposes other than professional (i.e. consumption purposes). 71 With different classifications for each country, the information is available for Belgium, Germany, Spain, France, Italy, UK, Poland, US (as revolving and non-revolving credit), and Japan. 70 C. Customer Account Handling and Maintenance C.1. Statements a. Unless a non-bank credit institution receives a customer’s prior signed authorization to the contrary, the non-bank credit institution should issue, and provide the customer with, a monthly statement regarding every account the non-bank credit institution operates for the customer. Each such statement should: (i) set out all transactions concerning the account during the period covered by the statement; and (ii) provide details of the interest rate(s) applied to the account during the period covered by the statement. b. Each credit card statement should set out the minimum payment required and the total interest cost that will accrue, if the cardholder makes only the required minimum payment. c. Each mortgage or other loan account statement should clearly indicate the amount paid during the period covered by the statement, the total outstanding amount still owing, the allocation of payment to the principal and interest and, if applicable, the up-to-date accrual of taxes paid. d. A non-bank credit institution should notify a customer of long periods of inactivity of any account of the customer and provide reasonable final notice in writing to the customer if the funds are to be transferred to the government. e. When a customer signs up for paperless statements, such statements should be in an easy- to-read and readily understandable format. See annotation of good practice C.1 for banking institutions. C.2. Notification of Changes in Interest Rates and Non-interest Charges A customer of a non-bank credit institution should be notified in writing by the non-bank credit institution of any change in: a. The interest rate to be paid or charged on any account of the customer as soon as possible; b. A non-interest charge on any account of the customer a reasonable number of days in advance of the effective date of the change. The customer should have the right to exit the contract, if the revised terms are not acceptable to the customer. See annotation of good practice C.2 for banking institutions. C.3. Customer Records A non-bank credit institution should maintain up-to-date records in respect of each customer of the non-bank credit institution that contain the following: a. A copy of all documents required to identify the customer and provide the customer’s profile; b. The customer’s address, telephone number and all other customer contact details; 71 c. Any information or document in connection with the customer that has been prepared in compliance with any statute, regulation or code of conduct; d. Details of all products and services provided by the non-bank credit institution to the customer; e. A copy of all correspondence from the customer to the non-bank credit institution and vice-versa and details of any other information provided to the customer in relation to any product or service offered or provided to the customer; f. All documents and applications of the non-bank credit institution completed, signed and submitted to the non-bank credit institution by the customer; g. A copy of all original documents submitted by the customer in support of an application by the customer for the provision of a product or service by the non-bank credit institution; and h. Any other relevant information concerning the customer. A law or regulation should provide the minimum permissible period for retaining all such records and, throughout this period, the customer should be provided ready free access to all such records. See annotation of good practice C.3 for banking institutions. C.4. Debt Recovery a. No non-bank credit institution, agent of a non-bank credit institution or third party should employ any abusive debt collection practice against any customer of the non-bank credit institution, including the use of any false statement, any unfair practice or the giving of false credit information to others. b. The type of debt that can be collected on behalf of a non-bank credit institution, the person who can collect any such debt and the manner in which that debt can be collected should be indicated to the customer of the non-bank credit institution when the credit agreement giving rise to the debt is entered into between the non-bank credit institution and the customer. c. No debt collector should contact any third party about a non-bank credit institution customer’s debt without informing that party of: (i) the debt collector’s right to do so; and (ii) the type of information that the debt collector is seeking. See annotation of good practice C.7 for banking institutions. D. Privacy and Data Protection D.1. Confidentiality and Security of Customers’ Information Customers of non-bank credit institutions have a right to expect that their financial transactions are kept confidential. The law should require non-bank credit institutions to ensure that they protect the confidentiality and security of personal data, against any anticipated threats or hazards to the security or integrity of such information, and against unauthorized access. The confidentiality of personally identifiable information, that is, any information about an identified or identifiable individual, is protected under several international statutes. These include the OECD Guidelines on the protection of privacy and trans-border flows of personal 72 data (Article 2 Scope of Guidelines) and the UN Guidelines for the regulation of computerized personal data files adopted by the General Assembly on 14 December 1990 (Section A, Principles concerning the minimum guarantees that should be provided in national legislations). Other important statutes are included in the EU Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such data 1995/46/EC (Chapter 1, Articles 1-3); the COE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No.108, 28 January 1981, Chapter 1 General Provisions); and the APEC Privacy Framework (Part ii, Scope). Technical security is also demanded under the above guidelines and directives. The OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security offer a more detailed guideline on technical security. In the US, the FTC issued the Standards for Safeguarding Customer Information (2002), which obligates financial institutions to hold customer information secure and confidential.72 D.2. Credit Reporting For a full description of Good Practices for Credit Reporting, see Annex II. E. Dispute Resolution Mechanisms E.1. Internal Complaints Procedure Complaint resolution procedures should be included in the non-bank credit institutions’ code of conduct and monitored by the supervisory authority. Consumer finance companies should have written policies in place for complaint resolution and dispute settlement just as banks. A written policy will hold the non-bank credit institution liable for the announced policy. This policy should offer contact points for the consumer that are accessible during business hours without undue waiting times, state in plain language the main steps of customer dispute resolution, provide firm and reasonable timelines, guarantee fairness in handling the customer dispute, state the coordination with any ombudsman and/or supervisory authority, and explain in plain language the consumer‘s rights in the process. Consumer dispute settlement should not lead to unreasonable costs in terms of time and money for the consumer. E.2. Formal Dispute Settlement Mechanisms a. A system should be in place that allows consumers to seek affordable and efficient third- party recourse, which could be an ombudsman or tribunal, in the event the complaint with the non-bank credit institution is not resolved to the consumer’s satisfaction in accordance with internal procedures. 72 See http://www.ftc.gov/os/2002/05/67fr36585.pdf 73 b. The role of an ombudsman or equivalent institution vis-à-vis consumer disputes should be made known to the public. c. The ombudsman or equivalent institution should be impartial and act independently from the appointing authority and the industry. d. The decisions of the ombudsman or equivalent institution should be binding upon non- bank credit institutions. The mechanisms to ensure the enforcement of these decisions should be established and publicized. See annotation of good practice E.2 for banking institutions. F. Consumer Empowerment F.1. Unbiased Information for Consumers a. Consumers, especially the most vulnerable, should have access to sufficient resources to enable them to understand financial products and services available to them. b. Financial regulators should provide, via the internet and printed publications, independent information on the key features, benefits and risks –and where practicable the costs- of the main types of financial products and services. c. Non-governmental organizations should be encouraged to provide consumer awareness programs to the public regarding financial products and services. See annotation of good practice G.4 for banking institutions. F.2. Measuring the Impact of Financial Capability Initiatives a. Policymakers, industry and advocates should understand the financial capability of various market segments, particularly those most vulnerable to abuse. b. The financial capability of consumers should be measured through a broad-based household survey that is repeated from time to time. c. The effectiveness of key financial capability initiatives should be evaluated. See annotation of good practice G.6 for banking institutions. 74 References Akerlof, George A., ―'The Market for Lemons': Quality Uncertainty and the Market Mechanism‖ Quarterly Journal of Economics, 1970. ANZ Banking Group, ANZ Survey of Adult Financial Literacy in Australia, Melbourne, 2003 Armstrong, Mark, ―Interactions between Competition and Consumer Policy‖, Competition Policy International, Volume 4, Number 1, Spring 2008 Australian Government Publishing Service, The Financial System Inquiry Final Report (―Wallis Report‖), March 1997 Avery, B.R., R.W. Bostic, P.S. Calem and C.B. Canner, ―An Overview of Consumer Data and Credit Reporting‖, Federal Reserve Bulletin, February 2003, pp. 47-73 Bakker, M. R. and Alexandra Gross, Development of Non-bank Financial Institutions and Capital Markets in European Union Accession Countries, World Bank Working Paper No. 28, 2004 Bank for International Settlements, Committee on Payment and Settlement Systems, Retail Payment Systems in Selected Countries: a Comparative Study, September 1999 ---------, Clearing and Settlement Arrangements for Retail Payments in Selected Countries, September 2000 ---------, Policy Issues for Central Banks in Retail Payments, March 2003 ---------, General Guidance for National Payment System Development, January 2006 Bank for International Settlements, Committee on Payment and Settlement Systems, and World Bank, General Principles for International Remittance Services, January 2007 Bellman, S., E.J. Johnson, G.L. Lohse, ―On Site: to Opt-in or Opt-out?: It Depends on the Question‖, Communications of the ACM, Volume 44 , Issue 2 , February 2001, pp. 25-27 Benston, George, ―Consumer Protection as Justification for Regulating Financial Services Firms and Product‖, Journal of Financial Services Research, 17(3): 277-301, 2000 Braunstein, Saundra and Carolyn Welch, ―Financial Literacy: An Overview of Practice, Research, and Policy‖, Federal Reserve Bulletin, vol. 87, November 2002 Brown, S., G. Garino, K. Taylor and S.W. Price, Debt and financial expectations: An individual and household level analysis, Working Paper, University of Leicester, 2003 California Budget Report, Locked Out 2008: The Housing Boom and Beyond, February 2008 Canada, Report of the Task Force on the Future of the Canadian Financial Services Sector, September 1998 Cirasino, Massimo, ―The Committee on Payment and Settlement Systems and the World Bank General Principles on International Remittance Services‖, AccessFinance, Issue No. 11, May 2006 75 Cirasino, Massimo, Jose A. Garcia, Mario Guadamillas and Fernando Montes-Negret, Reforming Payments and Securities Settlement Systems in Latin America and the Caribbean, World Bank, 2007 Cole, Shawn and Gauri Kartini Shastry, If You Are So Smart, Why Aren‘t You Rich? The Effects of Education, Financial Literacy, and Cognitive Ability on Financial Market Participation, October 2007 European Commission, Communication on Financial Education COM (2007) 808 ---------, Discussion paper for the amendment of Directive 87/102/EEC concerning consumer credit ---------, EU Consumer Policy strategy 2007-2013 COM (2007) 99 final ---------, Eurobarometer 2003.5, Financial Services and Consumer Protection, May 2004 ---------, Green Paper on Retail Financial Services in the Single Market, COM (2007) 226 final ---------, Special Eurobarometer No. 252, Consumer protection in the Internal Market, September 2006 ---------, Survey of Financial Literacy Schemes in the EU27. November 2007 ---------, Directorate-General for Competition, Report on the retail banking inquiry, Commission Staff Working Document, SEC (2007) 106 European Parliament, Report on Improving consumer education and awareness on credit and finance (2007/2288(INI)) 18 November 2008 FIN-USE, Response to the Green Paper on Retail Financial Services in the Single Market, 2007 Gross, Karen, Financial Literacy Education: Panacea, Palliative, or Something Worse? New York Law School, Presentation, 2004 Hadfield, Gillian K, Robert Howse and Michael J Trebilcock, ―Information-Based Principles for Rethinking Consumer Protection Policy‖ Journal of Consumer Policy 21: 131-169, 1998 Herring, Richard J. and Anthony M. Santomero, ―What is Optimal Financial Regulation?‖, Wharton Financial Institutions Center Working Paper Series, Working Paper No/ 00-34, May 1999 Hilgert, Marianne A. and Jeanne M Hogarth, ―Household Financial Management: The Connection between Knowledge and Behavior‖, Federal Reserve Bulletin, July 2003 International Finance Corporation, Credit Bureau Knowledge Guide, 2006 Jentzsch, Nicola, The Economics and Regulation of Financial Privacy: An International Comparison of Credit Reporting Systems, 2007 Joint Forum of Basel Committee on Banking Supervision, International Organization of Securities Commission and International Association of Insurance Supervisors, Customer suitability in the retail sale of financial products and services, April 2008 Llewellyn, David T., ―The Economic Rationale for Financial Regulation, Financial Services Authority‖, FSA Occasional Papers in Financial Regulation, No. 1:1-57, April 1999 76 Loewenstein, G., T. O’Donoghue and M. Rabin, ―Projection Bias in Predicting Future Utility‖, Quarterly Journal of Economics 118 (4): 1209-1248, 2003 Lusardi, Annamaria and Olivia Mitchell, ―Financial Literacy and Retirement Preparedness: Evidence and Implications for Financial Education‖, Business Economics 42 (1): 35-44, January 2007. Mandell, Lewis, Personal Finance Survey of High School Seniors, The Jump$tart Coalition for Personal Financial Literacy, 2004 Miller, Margaret J. (ed.), Credit Reporting Systems and the International Economy, Massachusetts Institute of Technology, 2003 Mundy, Shaun, Financial Education in Schools: Analysis of Selected Current Programmes and Literature – Draft Recommendations for Good Practices, in proceedings of OECD-US Treasury International Conference on Financial Education, Washington DC, 7-8 May 2008, Volume II Organisation for Economic Co-operation and Development, Financial Literacy and Consumer Protection: Overlooked Aspects of the Crisis, OECD Recommendation on Good Practices on Financial Education and Awareness relating to Credit, 2009 ---------, Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders, 2003 ---------, Improving Financial Education and Awareness on Insurance and Private Pensions, 2008 ---------, Improving Financial Literacy: Analysis of Issues and Policies, November 2005 ---------, Recommendation on Principles and Good Practices for Financial Education and Awareness, Recommendation of the OECD Council, July 2005 Rekaiti, P. and Van den Bergh, R., ―Cooling-Off Periods in the Consumer Laws of the EC Member States. A Comparative Law and Economics Approach‖, Journal of Consumer Policy, November 2004 Taylor, Curtis R., ―Consumer Privacy and the Market for Customer Information‖, RAND Journal of Economics, 35 (4): 631-50, 2004 UK Department of Trade and Industry, Fair, Clear and Competitive: The Consumer Credit Market in the 21st Century, December 2003 UK Financial Services Authority, Reforming Conduct of Business Regulation, Consultation Paper, October 2006, US Department of Housing and Urban Development and Department of Treasury Joint Task Force, Curbing Predatory Home Mortgage Lending, June 2000 United Nations, Department of Economic and Social Affairs, United Nations Guidelines for Consumer Protection (as expanded in 1999), 1999 Weinstein, N., ―Unrealistic Optimism About Future Life Events‖, Journal of Personality and Social Psychology 39(5): 806-820, 1980 77 Willis, Lauren E., ―Against Financial Literacy Education‖, University of Pennsylvania Law School, Public Law and Legal Theory Research Paper Series, Research Paper No. #08-10, forthcoming November 2008 World Bank, Finance for All? Policies and Pitfalls in Expanding Access, 2008 World Bank, Finance and Private Sector Department of the Europe and Central Asia Region, Czech Republic: Technical Note on Consumer Protection in Financial Services, June 2007 ---------, Slovakia: Technical Note on Consumer Protection in Financial Services, July 2007 (Volumes I and II) World Bank Group, Financial and Private Sector Development Vice Presidency, Payment Systems Development Group, Payment Systems Worldwide: a Snapshot. Outcomes of the Global Payment Systems Survey 2008, 2008 78 Annex I - Private Pensions Sector Over the last twenty years, governments worldwide have moved from state-funded public pension schemes to private pension plans. The private plans may be funded by employers or by individual contributions. Funding may be mandatory or optional and the plans may be based on defined contribution or defined benefits. However, regardless of their structure, all private pension plans raise critical issues related to consumer protection. Pensions plans are typically the largest single financial investment for households and in the absence of strong consumer protection, households may find their plans are inadequate to meet their income needs. Unlike other parts of the financial sector, work on consumer protection in private pensions remains at a developmental stage. For other segments of the financial sector—banking, securities, insurance—over thirty years of experience with privately owned and managed financial institutions have generated a clear set of good practices for protection of financial consumers. These good practices are well established and reasonably uniform across developed and the more advanced emerging markets. However, there has been no explicit or implicit agreed international approach on good practices for private pensions and thus, policymakers have had very little guidance.73 Based on the lack of an agreed approach, the good practices for private pensions have relied on the good practices in use for the insurance sector (especially related to life annuities) and the securities sector (for investment funds). Recent experience indicates that other issues are also important for consumer protection in private pensions. It is clear that the policies and practices applicable for consumers as they make crucial decisions on short- and medium-term investments are not sufficient when households should make the long-term decisions involved in pensions. In addition to the consumer protection issues that arise for insurance and securities, consumer protection for private pensions relates to five key issues: (1) flexibility and options for consumers to switch among service providers of pension plans (pension management companies), (2) the terms and conditions of investment contracts with pension management companies, (3) treatment of the deccumulation (pay-out) phase, (4) controls over any fees that are deducted from the pension fund, and (5) levels of competition among pension management companies. Supervision is also a key issue for consumer protection in private pensions. Pensions may be supervised by the prudential supervisor, or the taxation authorities, or a combination thereof (e.g. Australia and Canada). There are also examples of the securities supervisor having responsibility for pensions (e.g. in Russia) or a combination of separate insurance and securities supervisors (e.g. Turkey). With only a few exceptions (such as the US), private pensions are not insured by the state. Thus no established international approach or even range of approaches currently exists. Ongoing global research, including by the World Bank, has started to identify good practices on private pensions, which will have the positive effect of forcing some consensus on the issues highlighted above. However, more time will be needed before a comprehensive set of good practices on private pensions can be presented. In the interim, the good practices noted below provide a useful starting point—and one that has been tested on five consumer protection 73 The International Organisation of Pensions Supervisors (IOPS) has only been in existence for a few years. The European Union has a Directive covering occupational arrangements, but not individual accounts. IOPS/OECD have also produced some broad supervisory guidelines. The US has the ERISA rules and related supervisory structures. 79 diagnostic reviews (for Romania, Croatia, Russia, Bulgaria and Latvia) prepared by the World Bank. A. Consumer Protection Institutions A.1. Consumer Protection Regime The legal system should recognize and provide for clear rules on consumer protection in the area of private pensions and there should be adequate institutional arrangements for the implementation and enforcement of consumer protection rules: a. There should be specific provisions in the law, which create an effective regime for the protection of consumers who deal with pension management companies. b. There should be a general consumer agency or a specialized agency, responsible for the implementation, oversight and enforcement of consumer protection, and data collection and analysis (including complaints, disputes and inquiries). c. The legal system should provide for a role for the private sector, including voluntary consumer organizations and self-regulatory organizations. A.2. Other Institutional Arrangements a. The judicial system should provide credibility to the enforcement of the rules on financial consumer protection. b. The media and consumer associations should play an active role in promoting financial consumer protection. B. Disclosure and Sales Practices B.1. General Practices a. There should be disclosure principles that cover the consumer’s relationship with the pension management company in all three stages of such relationships: pre-sale, point of sale, and post-sale. b. There should be clear rules on solicitation and issuance of pension products. c. The information available and provided to the consumer should clearly inform the consumer of the choice of accounts, products and services, as well as the risks associated with each of the options or choices. d. The pension management company should be legally responsible for all statements made in marketing and sales materials related to their products, and for all statements made by any person acting as an agent for the company. 80 B.2. Advertising and Sales Materials a. Pension management companies should ensure their advertising and sales materials and procedures do not mislead the customers. b. All marketing and sales materials should be easily readable and understandable by the average public. B.3. Key Facts Statement A Key Facts Statement should be presented by the pension management company before the employee signs a contract, disclosing the key factors of the pension scheme and its services. B.4. Special Disclosures a. Pension management companies should disclose information relating to the products they offer, including investment options, risk and benefits, fees and charges, restrictions on transfers, fraud protection over accounts, fee on closure of account. b. Clients should also be provided with meaningful, written information on essential terms of the agreement with the pension management company. c. Information on planned fee changes should be notified to the consumer a ―reasonable period‖ before the date of change. d. Pension management companies should inform upfront the nature of any guarantee arrangements covering the pension products. e. Customers should be informed upfront on the time, manner and process of disputing information on the statements and transactions. B.5. Professional Competence a. Marketing personnel, officers selling and approving transactions, and agents, should have sufficient qualifications and competence, depending on the complexities of the products they sell. b. The law should require agents to be licensed, or at least be authorized to operate, by the regulator or supervisor. B.6. Know Your Customer Before recommending a particular pension product, the sales officer should examine important characteristics of the customer, such as age and financial position, and be aware of the consumer’s risk appetite and his or her long-term objectives for retirement,. B.7. Disclosure of Financial Situation a. The regulator or supervisor should publish annual public reports on the development, health and strength of the pensions industry either as a special report or as part of their disclosure and accountability requirements under the law governing it. b. All pension management companies should disclose information regarding their financial position and profit performance. 81 B.8. Contracts There should be consistent contracts for pension products and the contents of a contract should be read by the customer or explained to the customer before it is signed. B.9. Cooling-off Period There should be a reasonable cooling-off period associated with any pension product. C. Customer Account Handling and Maintenance C.1. Statements a. Timely delivery of periodic statements and alerts pertaining to the accounts and at frequencies and in the form agreed between the customer and pension management company, should be made. b. Customers should receive a regular streamlined statement of their account that provides the complete details of account activity in an easy-to-read format, making reconciliation easy. c. Customers should have a means to dispute the accuracy of the transactions recorded in the statement within a stipulated period. d. When customers sign up for paperless statements, the pension management company should ensure that the consumer is able to read and understand such online statements. D. Privacy and Data Protection D.1. Confidentiality and Security of Customer’s Information Customers of pension management companies have a right to expect that their financial activities will have privacy from unwarranted private and governmental scrutiny federal government scrutiny and others. The law should require pension management companies to ensure that they protect the confidentiality and security of customer’s information against any anticipated threats or hazards to the security or integrity of such information, and against unauthorized access to, or use of, customer information that could result in substantial harm or inconvenience to any customer. D.2. Sharing Customer’s Information a. Pension management companies should inform the consumer of third-party dealings for which the pension management company intends to share information regarding the consumer’s account. b. Pension management companies should explain how they use and share customers’ personal information, and should be committed not to sell or share account or personal information to outside companies that are not affiliated with the pension management company for the purpose of telemarketing or direct mail marketing. 82 c. The law should allow a customer to stop or "opt out" of certain information sharing and the pension management companies should inform the customers of their option. d. The law should prohibit the disclosure of information of customers by third parties. D.3. Permitted Disclosures a. The law should state specific procedures and exceptions concerning the release of customer financial records to government authorities. b. The law should provide for penalties for breach of confidentiality laws. E. Dispute Resolution Mechanisms E.1. Internal Dispute Settlement a. An internal avenue for claim and dispute resolution practices within the pension management company should be required by the supervisory agency. b. Pension management companies should provide designated employees available to consumers for inquiries and complaints. c. The pension management company should inform its customers of the internal procedures on dispute resolution. d. The regulator or supervisor should provide oversight on whether pension management companies comply with their internal procedures on consumer protection rules. E.2. Formal Dispute Settlement Mechanisms A system should be in place that allows consumers to seek third-party recourse in the event they cannot resolve an issue with the pension management company. F. Guarantee Schemes and Safety Provisions F.1. Guarantee Schemes and Safety Provisions Guarantee and compensation schemes are less common in the pensions sector than in banking and insurance. There are more likely to be broader fiduciary duties and custodian arrangements to ensure the safety of assets. a. There should be a basic requirement in the law that pension management companies should seek to safeguard pension fund assets. b. There should be adequate depository or custodian arrangements in place to ensure that assets are safeguarded. 83 G. Consumer Empowerment G.1. Financial Education in Schools Schoolchildren should receive a planned and coherent program of financial education which is designed to give them the competence and confidence to manage their finances well during their adult lives. G.2. Using a Range of Initiatives and Channels, including the Mass Media a. A range of initiatives should be undertaken to improve people's financial capability. b. This should include encouraging the mass media to provide financial education, information and guidance. G.3. Unbiased Information for Consumers a. Financial regulators should provide, via the internet and printed publications, independent information on the key features, benefits and risks –and where practicable the costs- of the main types of financial products and services.. b. Non-governmental organizations should be encouraged to provide consumer awareness programs to the public in the area of pensions. 84 Annex II - Credit Reporting Systems Credit reporting is a crucial component of modern financial systems and a critical driver for efficiency in lending to consumers. Efficient and accurate credit reporting systems provide valuable benefits for consumers, enabling them to obtain increased access to credit at favorable terms and conditions and the ability to monitor their levels of debt to ensure that they avoid high levels of indebtedness. Transparency of credit reporting systems is important for good governance of these systems and, at the same time, controls should exist to protect personal data. Credit reporting is becoming an ever more pervasive activity that affects a consumer’s economic life by determining access and terms of financial services. Public policy should find the right balance between consumer data protection and the economic rationale of processing personal information. As of 2009, there were no international good practices for consumer protection in credit reporting, although a number of international data protection instruments provide useful guidance (see Table 8). Table 8. Overview of Consumer Protection Regulation for Credit Reporting Systems Institution Laws, Regulations, Directives and Guidelines UN Art. XII of the Universal Declaration of Human Rights Art. 17 of the International Covenant on Civil and Political Rights of 16 December 1966 UN Guidelines for the Regulation of Computerized Personal Data Files, adopted by the General Assembly Resolution 45/95 of 14 December 1990 OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, 2002 Recommendation of the Council concerning guidelines governing the protection of privacy and trans- border flows of personal data, adopted by the Council 23 September 1980 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 Declaration of Transborder Data Flows, 1985 Ministerial Declaration on the Protection of Privacy on Global Networks, 1998 World Bank Principles and Guidelines for Credit Information Systems, 2004 APEC APEC Privacy Framework, 2005 EU Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such data, 1995/46/EC Directive on Credit Agreements for Consumers, 2008/48/EC repealing Directive 87/102/EEC COE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108 of 28 January 1981, entered into force on 01 October 1985) and Explanatory Report Amendment to Convention ETS No. 108 allowing the European Communities to accede (adopted 15 June 1999, entered into force after acceptation by all Parties) and Explanatory Memorandum Additional Protocol to Convention ETS No. 108 on Supervisory Authorities and Trans-border Data Flows and Explanatory Report (ETS No. 181, opened for signature on 8 November 2001) Recommendation No. R(2002) 9 on the protection of personal data collected and processed for insurance purposes (18 September 2002) and Explanatory Memorandum 85 Institution Laws, Regulations, Directives and Guidelines Recommendation No. R(90) 19 on the protection of personal data used for payment and other operations (13 September 1990) and Explanatory Memorandum EU-US Safe Harbor Framework, 2000 US Fair Credit Reporting Act, 1970 Fair and Accurate Credit Transaction Act, 2003 Several initiatives are underway to further improve credit reporting. The Western Hemisphere Credit and Loan Reporting Initiative (WHCRI)74 defines policies and actions for sub-regional integration of credit and loan reporting systems. To date, assessments have been conducted in eight countries in Latin America (Brazil, Chile, Colombia, Costa Rica, Mexico, Peru, Trinidad and Tobago, and Uruguay.)75 It is planned that WHCRI will eventually cover all the countries of the Latin America Region. In addition, the International Finance Corporation (as part of the World Bank Group) has developed the Global Credit Bureau Program, which supports credit bureaus in more than 100 countries worldwide.76 The World Bank Group has also established the African Credit Reporting and Financial Information Infrastructure Program to improve the quality and availability of data on borrowers in Africa. A similar program is also envisaged for the Middle East. In addition the World Bank Group, in cooperation with the BIS, has advanced plans to define a set of international standards for credit reporting, which will include extensive coverage of consumer protection and financial literacy as an instrument to facilitate credit reporting systems. The exercise is expected to start in the coming months. In addition, in June 2008 the European Commission set up an Expert Group on Credit Histories to identify barriers to the access to, and exchange of, credit information within the EU and to put forward recommendations to the Commission.77 The report of the Expert Group is due by May 2009. The good practices in this Annex are based upon international practices regarding data protection policies. These include the basic principles by the United Nations, Organization for Economic Co-operation and Development, the Asia-Pacific Economic Cooperation, the European Union and the Council of Europe. Alternative regulatory models have been taken into account through the comparison of credit reporting regulation in 100 countries.78 Thus the good practices have been developed based upon a broad range of policy and academic literature, cross-country law evaluation as well as practical experience from a number of country-based analyses.79 74 See www.whcri.org 75 The project is conducted by the World Bank together with the Centro de Estudios Monetarios Latinoamericanos (CEMLA). 76 International Finance Corporation, Credit Bureau Knowledge Guide, 2006 77 See http://ec.europa.eu/internal_market/finservices-retail/credit/history_en.htm 78 See for example Jentzsch, N., The Economics and Regulation of Financial Privacy: An International Comparison of Credit Reporting Systems, 2007. Jentzsch found that 80 out of 100 countries in the sample had constitutional privacy protection clauses, 35 had data protection laws, 7 credit reporting laws, 6 statutory codes and 22 industry codes of conduct.. 79 See also Margaret J. Miller (ed.), Credit Reporting Systems and the International Economy, Massachusetts Institute of Technology, 2003 86 The good practices focus on the issues of privacy and data protection, which lay at the core of sound consumer protection in credit reporting systems. For a full and detailed review of consumer protection in credit reporting systems, other issues are also important and should be considered. In particular, credit reporting systems should be subject to appropriate oversight with sufficient enforcement authority. Other issues include the viability of consumer protection institutions, questions of adequate disclosure to consumers and accessibility to credit bureaus, reporting and handling of customer information, dispute resolution mechanisms, consumer awareness and empowerment, and competition among credit bureaus. A. Privacy and Data Protection A.1. Consumer Rights in Credit Reporting Laws and regulations should require basic consumer rights. These rights may include: a. The right of the consumer to consent to information-sharing based upon the knowledge of the institution’s information-sharing practices. b. The right to access the credit report of the individual, subject to proper identification of that individual and free of charge (at least once a year). c. The right to know about adverse action in credit decisions or less-than-optimal conditions/prices due to credit report information. In this process, consumers should be provided with the name and address of credit bureau. d. The right to be informed about all inquiries within a period, such as six months. e. The right to correct factually incorrect information or to have it deleted. f. The right to mark (flag) information that is in dispute. g. The right to decide if the consumer's credit information (for purposes not related to the granting of credit) can be shared with third parties. h. The right to have sensitive information especially protected (not included in the credit report), such as race, political and philosophical views, religion, medical information, sexual orientation or trade union membership. i. The right to reasonable retention periods such as those for positive information (for example, at least two years) and negative information (for example, 5-7 years.) j. The right to have information kept confidential and with sufficient security measures in place to prevent unauthorized access, misuse of data, or loss or destruction of data. Informed consent is the necessary pre-condition for creating transparency of information processing. Article 3 of the UN Guidelines regarding files states that ―the purpose which a file is to serve and its utilization in terms of that purpose should be specified, legitimate and, when it is established, receive a certain amount of publicity or be brought to the attention of the person concerned.‖ This ensures that all processed personal data is relevant to the purpose stated, there are no secret databases, and no data is used without the consent of the data subject. This right can be waived in the context of sharing information with a public credit register for supervisory purposes. However, the consumer should at least be informed about that type of information sharing and be referred to the articles in law applicable to it. 87 Around the world, this good practice for consumer protection is reflected in most data protection laws, such as the EU Data Protection Directive (implemented in the 27 EU Member States and some Latin American countries), many non-European laws,80 the COE Convention, as well as in the Openness Principle 12 of the OECD Guidelines on the Protection of Privacy. The right to access personal information and in this context the credit report and score, is justified by Principle 4 of the UN Guidelines (―interested-person access‖ that demands proper proof of identity). ―Access and correction rights‖ are provided by all major international data protection instruments (UN, OECD, EU and APEC principles). More advanced credit reporting regimes are implementing the requirement to explain to consumers the credit score (for instance, as is done in the US). This can be implemented in a cost-effective way but should be tailored to the development stage of the industry. However, where the industry just started to operate, companies should not be over-burdened with access requirements and a transition period would be warranted. Access to information by individuals who are subject to collection of the information, is granted in most countries that have data protection provisions. Access is the pre-condition to dispute resolution and correction. These basic rights are established in all major international instruments relevant for data protection, such as in the UN Guidelines (Principles 2 and 4) and OECD Guidelines on the Protection of Privacy (Individual Participation Principle 13). In the latter, it is stated that the individual has the right to obtain confirmation whether information has been stored from the data controller and to have it communicated within a reasonable manner and timeframe. Access is also mentioned in the World Bank‘s Principles for the Operation of Credit Information Systems (Principles B1.4 and 25).81 In addition, the cost of correction shall be borne to the data controller (UN Principle 4). According to Jentzsch (2007), the right to have information corrected is laid out in more than 40 countries. The right to block information in cases of dispute is also common in credit reporting regimes. Between 2005 and 2006, this right was implemented in 25 countries. Blocked or flagged information indicating a dispute is an additional quality signal for creditors. The right to know to whom the information was disclosed is implemented in 44 countries (Jentzsch, 2007). The consent principle in many cases includes the provision that individuals can stop information processing for purposes unrelated to credit granting, such as marketing. Marketing restrictions (in terms of opt-in or opt-out) are in place in 25 countries. Opt-out increases marketing participation rates and depends on the framing of the question.82 For instance, APEC‘s Principle IV Uses of Personal Information) demands that information is only used for the purposes of collection stated beforehand, except where the individual has given consent. The right to have sensitive information specifically protected is part of most major international instruments, such as the OECD reports (Comment to Guidelines on the Protection of Privacy), UN Principles (Principle 5), the COE Convention (Article 6), the EU Data Protection Directive (Article 8), and the EU-US Safe Harbor Framework. Legal controls against anti-discrimination 80 For example, the US Fair Credit Reporting Act (1970) and the Consumer Reporting Employment Clarification Act (1998) 81 See http://www1.worldbank.org/finance/html/creditreporting/Principles.htm 82 See Bellman, S., E. J. Johnson, G. L. Lohse, ―On site: to opt-in or opt-out?: It depends on the question, Communications of the ACM, Volume 44 , Issue 2 25-27, February 2001 88 are also discussed in the World Bank Principles (Principle 15). Only the APEC Privacy Framework does not demand extra protection of personal sensitive information. The major international instruments also demand a limitation on information collection and distribution, e.g. OECD Guidelines on the Protection of Privacy (Principle 10), UN Principles (Principle 3), APEC Privacy Framework (Principle III Collection Limitation), and the COE Convention. The latter, for instance, states in Article 5 e. that data are ―preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored.‖ Companies have an incentive to excessively collect personal information that can lead to sub-optimal market results.83 Therefore it is good practice to find time limits that set a limitation on data collection. International averages for negative information are seven years for bankruptcy, five years for lawsuits, and six years for judgments for a sub-sample of the surveyed countries. The World Bank typically proposes a range of five to seven years (Principle 17). According to the above principle of purpose specification, positive information should not be stored excessively as it loses its predictive power. The duty of financial institutions to inform customers in case of adverse action in credit decisions is now part of US and European legislations. According to Jentzsch (2007), only seven countries had this clause, partly because it was only recently introduced in Europe in the Article 9 of the Consumer Credit Directive. According to the Directive, creditors should inform the consumer immediately and free of charge about the result of database consultation and the particulars of the databases consulted. The additional duty to inform consumers about less than optimal conditions is part of US regulations.84 Informing consumers ―only in adverse action situations‖ is not sufficient for adequate data protection. Also care should be taken to ensure that public sector and private sector credit registers provide the same level of consumer protection on the use of personal data. Both types of information systems provide data that allow for identification of individuals and both should provide the same high quality of protection for consumers of financial services. B. Consumer Empowerment B.1. Unbiased Information for Consumers Financial regulators should provide, via the internet and printed publications, independent information for consumers that seek to improve their knowledge for .actively managing the credit report. 83 See Taylor, C.R., ―Consumer Privacy and the Market for Customer Information‖, RAND Journal of Economics 35 (4), 631-50, 2004. 84 See "risk-based pricing notices", Section 311(a) of the Fair and Accurate Credit Transaction Act of 2003 and Notice of proposed rulemaking for correction of this Act (Fair Credit Reporting Risk-Based Pricing Regulations, 2008). 89 Education on credit reporting may comprise several activities, such as the key information brochure that explains to consumers privacy choices and their impacts, as well as rights and obligations. Some examples from the FTC are the following:  Privacy Choices for Your Personal Financial Information  Building a Better Credit Report  Credit Repair: Self Help May Be Best  Disposing of Consumer Report Information? New Rule Tells How It would be important to help consumers understand that credit financing costs could be reduced once the credit score reflects a better credit risk and how this can be achieved. Education on credit reporting should also include a disclosure of the main factors that have an impact on the credit score. Public information campaigns have been actively pursued by regulators in the US, South Africa, and the UK. B.2. Awareness of Credit Reporting In order to ensure that financial consumer protection and educational initiatives are appropriate, it is necessary to measure financial capability with large-scale surveys that are repeated periodically. These surveys should include questions on credit reporting and scoring. Credit reporting is becoming an ever more pervasive activity in the economy. Therefore, questions about knowledge on credit reporting should be included in financial literacy surveys, in order to be able to better tailor public information campaigns on credit reporting. There is no international predecessor for this good practice. 90 Annex III – Payment and Remittance Systems Retail Payment Services and Circuits: Background The Payments System is the infrastructure established to facilitate the transfer of monetary value between parties.85 Its structure and design determine the efficiency with which transaction money is used in the economy, and the risk associated with its use. An efficient National Payments System (NPS) reduces the cost of exchanging goods and services, and is indispensable to the functioning of the interbank, money, and capital markets. In particular, a wide range of payment instruments is essential for supporting customers’ needs in a market economy. A less than optimal supply of payment instruments may ultimately have an impact on economic development and growth. Moreover, the safe and efficient use of money as a medium of exchange in retail transactions is particularly important for the stability of the currency and a foundation of the trust people have in it. The use of retail payment instruments differs in industrialized countries both within and between the countries considered. This is due to a variety of reasons including cultural, historical, economic and legal factors. However, some common trends may be observed, namely: the continued primacy of cash (in volume terms) for face-to-face payments; growth in payment cards use; increased use of direct funds transfers, especially direct debit transfers, for remote payments; and changes in the market arrangements for providing and pricing the retail payment instruments and services delivered to end-users.86 This evolution is likely to continue in the future and is expected to influence traditional (especially paper-based) instruments. Over the long term, some of the observed market developments may well alter traditional payment practices and contribute to increased efficiency and convenience in retail payment systems. In a growing number of countries more and more attention is devoted by authorities and market participants to the efficiency and efficacy of production and distribution of payment instruments (including cash). Remittances are an important component of the NPS and an important source of ―income‖ in many developing economies, and their total value is steadily increasing. At a global level, $318 billion were officially recorded as remittance payments in 2007, however, given measurement uncertainties, actual flows may be much higher, perhaps by 50 percent or more. Remittances can be defined as cross-border person-to-person payments of relatively low value. They are recurrent payments by migrant workers to support their families’ home, and the largest source of external financing for developing countries. For some of those countries, remittances can account for as much as a third of the GDP. However, they can be often expensive relative to the low incomes of migrant workers and the rather small amounts sent. In any market, full information (i.e. transparency) is important because it enables individuals to make informed decisions about which services to use and helps to make the market as a whole more efficient. Transparency, as well as adequate consumer protection, has relevance for the development and improvement of both national payment systems and markets for remittances. 85 Annex III was prepared by the World Bank's Payment Systems Development Group. 86 For an analysis of the trends in retail systems and services, see World Bank Group, Payment Systems Worldwide: A Snapshot. Outcomes of the Global Payment Systems Survey 2008, 2008. 91 International Standards The G-10 Committee on Payment and Settlement Systems (CPSS) of the Bank for International Settlements (BIS) is the main standard setters in the field of payment systems and has published several reports to guide the actions of authorities and market players over the last 15 years. International Financial Institutions, such as the International Monetary Fund and the World Bank have participated actively in many of these efforts. Also the World Bank is standard setter in the field of international remittances, together with the CPSS-BIS. In the field of retail systems, several CPSS reports have expanded on the issue of payment services and circuits, with regard also to consumer protection and transparency. 87 In particular, a 2003 CPSS Report88 identifies and explores policy issues for central banks and considers the possible contribution of central banks towards furthering certain policy goals in this area. Central banks are currently involved in retail payments in three main ways: (1) in an operational capacity; (2) as payment system overseers, or (3) as catalysts or facilitators of market and regulatory evolution. Even though the involvement of the central bank in retail varies from country to country, the Report suggests that each central bank should examine developments in its markets periodically in the light of some identified policy issues (see below), in order to form a view on whether such issues arise in practice. Where such issues are judged to arise, relevant public authorities (including central banks) may decide to take action aimed at establishing or re- establishing an acceptable balance of the various aspects of safety and efficiency. The public policy goals, the central bank minimum action, and the range of possible additional actions identified in the CPSS Report are summarized in the Box below. Box 1: Public Policy Goals, Central Bank Minimum Actions and Range of Possible Additional Actions for Retail Payment Systems Legal and Regulatory Framework Public Policy Goal A: Policies relating to the efficiency and safety of retail payments should be designed, where appropriate, to address legal and regulatory impediments to market development and innovation. The central bank should, at a minimum: (i) Review the legal and regulatory framework to identify any barriers to improvements in efficiency and/or safety; (ii) Cooperate with relevant public and private entities so that the legal and regulatory framework keeps pace with the changing circumstances and barriers to improvements in efficiency sand/or safety are removed, where appropriate. The range of possible additional actions could include, depending on the individual central bank’s responsibilities, powers and priorities: - Altering regulations that currently present barriers to improving efficiency and safety, where this is within the central bank’s remit and where other public interest arguments do not militate against such action; - Introducing or proposing new regulations, as the central bank’s remit allows, where the legal or regulatory framework is insufficient to support increased efficiency and/or safety; - Offering expert advice to other responsible authorities, for example in the preparation of relevant legislation. 87 See also Bank for International Settlements, Committee on Payment and Settlements Systems, Clearing and Settlement Arrangements for Retail Payments in Selected Countries, September 2000; and Retail Payment Systems in Selected Countries: a Comparative Study, September 1999. 88 Bank for International Settlements, Committee on Payment and Settlements Systems, Policy Issues for Central Banks in Retail Payments, March 2003. 92 Market Structure and Performance Public Policy Goal B: Policies relating to the efficiency and safety of the retail payments should be designed, where appropriate, to foster market conditions and behaviors. The central bank should, at a minimum: (i) Monitor developments in market conditions and behaviors relating to retail payment instruments and services and assess their significance; (ii) Cooperate with other public or private entities, as appropriate, to foster competitive market conditions and to address any significant public policy issues arising from market structures and performance. The range of possible additional actions could include, depending on the individual central bank’s responsibilities, powers and priorities: - Promoting appropriate standards or guidelines for transparency, in cooperation with relevant public and private sector entities; - Reviewing conditions in the market for cross-border retail payments, with a view to promoting improvements, is such action is warranted; - Considering and, if appropriate, performing regulatory and/or operational intervention in cases where market forces are judged not to have achieved or not to be likely to achieve an efficient and safe solution. Standards and Infrastructure Public Policy Goal C: Polices relating to the efficiency and safety of retail payments should be designed, where appropriate, to support the development of effective standards and infrastructure arrangements. The central bank should, at a minimum: (i) Monitor developments in security standards, operating standards and infrastructure arrangements for retail payments which the central bank judges to be important for the public interest, and assess their significance; (ii) Cooperate with relevant public and private entities to encourage market improvements in such standards and infrastructure arrangements, where appropriate. The range of possible additional actions could include, depending on the individual central bank’s responsibilities, powers and priorities: - Participating actively in reviewing and developing appropriate standards and arrangements, in cooperation with relevant public and private entities, where the central bank judges its more intensive involvement to be necessary to furthering the goal; - Considering and, if appropriate, performing regulatory and/or operational intervention in cases where market forces are judged not to have achieved or not to be likely to achieve and efficient and safe solution. Central Bank Services Public Policy Goal D: Policies relating to the efficiency and safety of retail payments should be designed, where appropriate, to provide central bank services in the manner most effective for the particular market. The central bank should, at a minimum: (i) Review and, if appropriate, adapt its provisions of settlement services to contribute to efficient and safe outcomes; (ii) Be transparent in its provision of services. The range of possible additional actions could include, depending on the individual central bank’s responsibilities, powers and priorities: - Reviewing the relevant non settlement services it provides and considering their adaptation to changing market conditions; - Reviewing policies on access to central bank services and on pricing. 93 The CPSS Report has been prepared in the light of the trends in retail payment markets in the G- 10 countries and Australia. It is likely that, in developing countries, central banks and other private and public entities need to take a proactive role and explore carefully the possibility of using the additional actions.89 The 2006 CPSS Report on payment system reform90 underlines that payment system development is a complex process that should be principally needs-based. Successful reforms depend on parallel development of the banking system, institutional arrangements for payment services and payment infrastructure and should therefore be a cooperative effort, involving stakeholders from, for example, the banking sector and regulatory agencies. The report includes 14 guidelines which aim at giving assistance and advice on the planning and implementation of reforms. Several aspects of consumer protection are involved, in particular in Guidelines 9, 10 and 11. In the first place, a transparent and comprehensive legal framework is generally considered the basis for a sound and efficient payment system. Laws on transparency and security of payment instruments, terms and conditions, antitrust legislation for the supply of payment services, and legislation on privacy, for example, significantly impact the soundness of the broad legal framework on payments systems. Box 2: Guideline 10 of the CPSS Report Guideline 10. Promote legal certainty: develop a transparent, comprehensive and sound legal framework for the national payment system. Explanation: The legal framework for a national payment system is the body of law which determines the rights and obligations of parties in the system. It can be established by legislation or other statutory instruments, common law, administrative law, contracts (including system rules), or international treaties and regulations. It also deals with the transfer procedures and resolution of disputes regarding instruments, services, organizational arrangements and governance procedures for transferring and settling obligations with finality. A sound legal framework for the national payment system reduces the legal uncertainty and risk for the participants in payment infrastructures and service markets. The legal framework involves laws of general applicability (such as property, contract, corporate and insolvency laws) that affect the payment system, as well as those that are specific to it (such as payment legislation, netting laws and clearing house rules). In addition, it includes the legislative and judicial arrangements for establishing, interpreting, adjudicating and enforcing those laws […] The oversight function of payments system is currently at the heart of the international debate, and it is emerging as a key factor to ensure proper monitoring of the reliability and efficiency of domestic payment systems. The deployment of an effective payment system oversight function also depends on the level of cooperation between overseers, market players, financial regulators and other authorities. Among the subjects to be involved in the oversight function, Guideline 9 puts the emphasis on competition regulators and customer protection agencies. 89 See also Cirasino, Massimo, Jose A. Garcia, Mario Guadamillas and Fernando Montes-Negret, Reforming Payments and Securities Settlement Systems in Latin America and the Caribbean, World Bank, 2007. 90 Bank for International Settlements, Committee on Payment and Settlement Systems, General Guidance for National Payment System Development, January 2006. 94 Box 3: Guideline 9 of the CPSS Report Guideline 9. Collaborate for effective oversight: effective payment system oversight by the central bank often requires collaborative arrangements with other authorities. Explanation: Although the central bank has oversight responsibility for the national payment system, it may not be the only public agency with influence on the system. Other authorities and regulatory agencies can influence the efficiency and competitiveness of payment service markets, the risk management practices and customer relations of various financial institutions providing services in them. These agencies include:  banking supervisors that assess and regulate the financial risk management practices of financial institutions participating in market arrangements and providing payment services to end users;  securities regulators and self-regulatory organizations (SROs) that deal with the customer service and prudential risk management practices of securities brokers and fund managers and with some aspects of the business conduct of securities organizations;  competition regulators that focus on anti-competitive business practices of various types of business organizations, including those that provide payment infrastructure services;  Treasury or Finance Ministry departments that sponsor the legislation and other statutory instruments underpinning the legal and regulatory framework for the payment system; and  consumer affairs agencies that influence contract terms for payment accounts and services and protect the contractual rights of customers of their financial institutions […] Finally the existence of a wide range of payment instruments is essential to support customers’ needs in a market economy and improve access to financial services. For these reasons, the efficiency of the retail payments market also relies on the level of consumer confidence and consumer protection. Box 4: Guideline 11 of the CPSS Report Guideline 11. Retail – give more choice to more people: extend the availability and choice of efficient and secure non-cash payment instruments and services available to consumers, businesses and government by expanding and improving retail payment infrastructures Explanation: The development of a country’s commercial, industrial and even financial sector generally increases demand for greater diversity and use of non-cash retail payment instruments and services. Reform initiatives in retail payments would need to focus, therefore, on enhancing the availability to private and public users of various retail payment instruments and services and on promoting safe and efficient transaction, clearing and settlement service arrangements. These services can only be supplied through reliable, secure and efficient infrastructure arrangements. Development initiatives for retail transaction systems might need to aim at:  expanding availability of payment instruments, both through the day and over more locations;  widening the range of standardized paper or electronic payment instruments, especially with respect to credit transfer instruments;  improving the security and confidentiality in the transmission of payment information;  establishing legally sound service agreements for providers and users with regard to payment accounts and instruments and system participation; and  improving interoperability among point-of-sale transaction networks for specific types of payment instruments, notably payment card and ATM networks. For clearing and settlement arrangements, useful development initiatives could involve:  improving interregional payment clearing and settlement through interconnection of regional clearing houses and, if possible, national clearing facilities;  integrated settlement account management systems for regional central bank branches and ultimately the development of a nationwide centralised account administration system; and  setting common standards for particular types of payment instruments, and common clearing house standards and procedures for clearing different types of retail payment instruments. 95 Important reform initiatives common to all core infrastructures could relate to:  specifying clear policies that ensure equitable access to infrastructure services, particularly with respect to institutions participating directly in the system;  improving transparency of pricing policies, operating rules and procedures and operational and financial risks;  strengthening, where required, risk control and risk-sharing arrangements and the resiliency levels and business contingency plans for network operations; and  reviewing and, if necessary, strengthening governance to reflect the needs of all participating institutions. As for remittances, transparency is particularly important because the price to the consumer depends on two elements, the exchange rate used and any fees charged; combining these to calculate which service is cheapest is difficult for most consumers. Transparency, as well as adequate consumer protection, is also important because, as low-income migrants in a foreign country, many senders may have difficulties in understanding the local language or in providing adequate identification to open a bank account, or lack the time and financial literacy to search out and compare different remittance services.91 The 2007 CPSS Report on remittances92 provides an analysis of the payment system aspects of remittances and sets out general principles designed to assist countries in improving the market for remittance services. In particular, General Principle 1 indicates that the market for remittance services should be transparent and have adequate consumer protection. Remittance service providers should therefore be encouraged to provide relevant information about their own services in easily accessible and understandable forms. Authorities or other organizations may want to provide comparative price information. They may also wish to undertake educational campaigns to give senders and receivers sufficient background knowledge to be able to understand the information provided. Box 5: General Principle 1 of the CPSS Report General Principle 1. Transparency and consumer protection: the market for remittance services should be transparent and have adequate consumer protection. In any market, full information – i.e. transparency – is important because it enables individuals to make informed decisions about which services to use and helps to make the market as a whole more efficient. Transparency in the market for remittances is arguably particularly important because the price to the consumer depends on two elements, the exchange rate used and any fees charged, and combining these to calculate which service is cheapest is difficult for most consumers. Transparency, as well as adequate consumer protection, is also important because, as low-income migrants in a foreign country, many senders may have difficulties in understanding the local language or in providing adequate identification to open a bank account, or lack the time and financial literacy to search out and compare different remittance services. General Principle 1 is therefore that the market for remittance services should be transparent and have adequate consumer protection. Remittance service providers should therefore be encouraged to provide relevant information about their own services in easily accessible and understandable forms. Authorities or other organizations may want to provide comparative price information. They may also wish to undertake educational campaigns to give senders and receivers sufficient background knowledge to be able to understand the information provided. It is important to note that the General Principles for International Remittance Services de facto defines standards for all payment services. Also they have been formally endorsed by the G-8, the G-20 and the Financial Stability Countries and countries have been urged to adopt them. In addition, the multilaterals and development banks that participated into the Task Force that 91 See Cirasino, Massimo ―The Committee on Payment and Settlement Systems and the World Bank General Principles on International Remittance Services‖, AccessFinance, Issue No. 11, May 2006. 92 Bank for International Settlements, Committee on Payment and Settlement Systems and the World Bank, ―General Principles for International Remittance Services‖, January 2007. 96 produced the General Principles are releasing a Guidance report for the application of these standards in the last quarter of 2008. The report will include detailed guidelines to implement, among others, General Principle 1 on transparency and consumer protection. Implementing the Standards Several institutions provide assistance to countries to implement international standards in the field of payment, remittance and securities settlement. Extending beyond 12 years, the World Bank’s Payment Systems Development Group has supported implementation of payment and remittance systems reforms in over 100 countries. In this regard, it is worth mentioning the work managed under the umbrella of regional initiatives, such as the Arab Payments Initiative (API), the Commonwealth of Independent States Initiative (CISPI), the South Asia Payments Initiative (SAPI), the Southern African Development Community (SADC) payment project, and the Western Hemisphere Payments and Securities Settlement Forum (WHF). In the field of consumer protection, for example, in 2008 the World Bank will release the first price database for international remittance services. The tool is intended to promote international transparency by tracking the evolution of the business environment for remittances worldwide, in particular in the area of remittance transaction costs. The survey covers initially 114 corridors from 14 send markets, representing over 50 percent of global remittances. It will be released on a biannual basis. The World Bank Group is committed to continue playing a central role in this field. 97