Good Practices for Financial Consumer Protection
2017 Edition

RESPONSIBLE FINANCIAL ACCESS
Finance & Markets Global Practice

© 2017 International Bank for Reconstruction and Development / The World Bank Group
1818 H Street NW
Washington DC 20433
Telephone: 202-473-1000
Internet: www.worldbank.org

First edition published 2012. Second edition published 2017.

DISCLAIMER

This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries.

RIGHTS AND PERMISSIONS

The material in this work is subject to copyright. Because The World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is given. Any queries on rights and licenses, including subsidiary rights, should be addressed to the Office of the Publisher, The World Bank, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2422; e-mail: pubrights@worldbank.org.
CONTENTS

Foreword
Acknowledgments
Acronyms and Abbreviations

INTRODUCTION

CHAPTER 1: DEPOSIT AND CREDIT PRODUCTS AND SERVICES
A: Legal and Supervisory Framework
  A1: Legal Framework
  A2: Institutional Arrangements and Mandates
  A3: Regulatory Framework
  A4: Supervisory Activities
  A5: Enforcement
  A6: Codes of Conduct and Other Self-Regulation
  A7: Dissemination of Information by the Authority
B: Disclosure and Transparency
  B1: Format and Manner of Disclosure
  B2: Advertising and Sales Materials
  B3: Disclosure of Terms and Conditions
  B4: Key Facts Statements
  B5: Statements
  B6: Notification of Changes in Rates, Terms, and Conditions
C: Fair Treatment and Business Conduct
  C1: Unfair Terms and Conditions
  C2: Unfair Practices
  C3: Sales Practices
  C4: Product Suitability
  C5: Customer Mobility
  C6: Professional Competence
  C7: Agents
  C8: Compensation of Staff and Agents
  C9: Fraud and Misuse of Customer Assets
  C10: Debt Collection
D: Data Protection and Privacy
  D1: Lawful Collection and Usage of Customer Data
  D2: Confidentiality and Security of Customers’ Information
  D3: Sharing Customer Information
E: Dispute Resolution Mechanisms
  E1: Internal Complaints Handling
  E2: Out-of-Court Formal Dispute Resolution Mechanisms
F: Guarantee Schemes and Insolvency
  F1: Depositor Protection
  F2: Bankruptcy of Individuals
  F3: Insolvency of Financial Institutions

CHAPTER 2: INSURANCE
A: Legal and Supervisory Framework
  A1: Consumer Protection Legal Framework
  A2: Institutional Arrangements and Mandates
  A3: Regulatory Framework
  A4: Supervisory Activities
  A5: Enforcement
  A6: Codes of Conduct and Other Self-Regulation
  A7: Dissemination of Information by Authorities
B: Disclosure and Transparency
  B1: Format and Manner of Disclosure
  B2: Advertising and Sales Materials
  B3: Disclosure of Terms and Conditions
  B4: Key Facts Statements
  B5: Statements and Ongoing Post-Sale Communications
  B6: Notification of Changes in Rates, Terms, and Conditions
  B7: Public Disclosure of Insurer Information
C: Fair Treatment and Business Conduct
  C1: Unfair Terms and Conditions
  C2: Sales Practices and Conflicts of Interest
  C3: Product Suitability
  C4: Customer Mobility and Cooling-Off Periods
  C5: Professional Competence
  C6: Agents and Intermediaries
  C7: Compensation of Staff, Agents, and Intermediaries
D: Data Protection and Privacy
  D1: Lawful Collection and Usage of Customer Data
  D2: Confidentiality and Security of Customers’ Information
  D3: Sharing Customer Information
E: Dispute Resolution Mechanisms
  E1: Internal Complaints Handling
  E2: Out-of-Court Formal Dispute Resolution Mechanisms
F: Guarantee Schemes and Insolvency
  F1: Guarantee Schemes and Insolvency

CHAPTER 3: PRIVATE PENSIONS
A: Legal and Supervisory Framework
  A1: Consumer Protection Legal Framework
  A2: Institutional Arrangements and Mandates
  A3: Regulatory Framework
  A4: Supervisory Activities
  A5: Enforcement
  A6: Dissemination of Information by Authorities
B: Disclosure and Transparency
  B1: Format and Manner of Disclosure
  B2: Advertising and Sales Materials
  B3: Disclosure of Terms and Conditions
  B4: Key Facts Statements
  B5: Statements and Ongoing Post-Sale Communications
  B6: Notification of Changes in Rates, Terms, and Conditions
C: Fair Treatment and Business Conduct
  C1: Unfair Terms and Conditions
  C2: Sales Practices and Conflicts of Interest
  C3: Customer Mobility and Cooling-Off Periods
  C4: Professional Competence
  C5: Agents and Intermediaries
  C6: Compensation of Staff, Agents, and Intermediaries
  C7: Fraud and Misuse of Customer Assets
  C8: Bankruptcy
D: Data Protection and Privacy
  D1: Lawful Collection and Usage of Customer Data
  D2: Confidentiality and Security of Customer’s Information
  D3: Sharing Customer’s Information
E: Dispute Resolution Mechanisms
  E1: Internal Complaints Handling
  E2: Out-of-Court Formal Dispute Resolution Mechanisms

CHAPTER 4: SECURITIES
A: Legal and Supervisory Framework
  A1: Consumer Protection Legal Framework
  A2: Institutional Arrangements and Mandates
  A3: Regulatory Framework
  A4: Supervisory Activities
  A5: Enforcement
  A6: Codes of Conduct
  A7: Dissemination of Information by Authorities
B: Disclosure and Transparency
  B1: Format and Manner of Disclosure
  B2: Advertising and Sales Materials
  B3: Disclosure of Terms and Conditions
  B4: Disclosure of Product Risk
  B5: Disclosure of Conflicts of Interest
  B6: Key Facts Statements for CIUs
  B7: Contract Notes
  B8: Statements
C: Fair Treatment and Business Conduct
  C1: Unfair Terms and Conditions
  C2: Sales Practices and Duty of Care
  C3: Product Suitability
  C4: Customer Mobility
  C5: Segregation of Funds
  C6: Misuse and Misappropriation of Customer Assets
  C7: Agents and Intermediaries
  C8: Compensation of Staff, Agents, and Intermediaries
  C9: Customer Records
D: Privacy and Data Protection
  D1: Lawful Collection and Usage of Customer Data
  D2: Confidentiality and Security of Customer Information
  D3: Sharing Customers’ Information
E: Dispute Resolution Mechanisms
  E1: Internal Complaints Handling
  E2: Out-of-Court Formal Dispute Resolution Mechanisms
F: Guarantee Schemes and Insolvency
  F1: Client Protection When a Licensed Person Fails
Appendix 1: Sources

ANNEX A: RETAIL PAYMENT SERVICES
A: Legal and Supervisory Framework
  A1: Consumer Protection Legal Framework
  A2: Institutional Arrangements and Mandates
  A3: Regulatory Framework
  A4: Supervisory Activities
  A5: Enforcement
  A6: Codes of Conduct and Other Self-Regulation
  A7: Dissemination of Information by the Authority
B: Disclosure and Transparency
  B1: Format and Manner of Disclosure
  B2: Advertising and Sales Materials
  B3: Disclosure of Terms and Conditions
  B4: Key Facts Statements
  B5: Transaction Receipts
  B6: Statements
  B7: Notification of Changes in Rates, Terms, and Conditions
C: Fair Treatment and Business Conduct
  C1: Unfair Terms and Conditions
  C2: Unfair Practices
  C3: Customer Mobility
  C4: Compliance and Professional Competence
  C5: Competition and Interoperability
  C6: Agents
  C7: Protection and Availability of Customer Funds
  C8: Authorization, Authentication, and Data Security
  C9: Unauthorized and Mistaken Transactions and Liability for Loss
  C10: Operational Reliability
D: Data Protection and Privacy
  D1: Lawful Collection and Usage of Customer Data
  D2: Confidentiality and Security of Customers’ Information
  D3: Sharing Customer Information
E: Dispute Resolution Mechanisms
  E1: Internal Complaints Handling
  E2: Out-of-Court Formal Dispute Resolution Mechanisms
F: Guarantee Schemes and Insolvency
  F1: Depositor Protection

ANNEX B: CREDIT REPORTING SYSTEMS
A: Legal and Supervisory Framework
  A1: Credit Reporting Legal and Supervisory Arrangements
B: Data Protection and Privacy
  B1: Consumer Rights in Credit Reporting
C: Disclosure and Transparency
  C1: Unbiased Information for Consumers

ANNEX C: FINANCIAL CAPABILITY
A: National Financial Capability Strategy
B: Leadership and Stakeholder Involvement in an NFCS
C: Financial Capability Programs and Activities
D: Monitoring and Evaluation

TABLES
Table 1: Selected Key Readings on Consumer Protection for the Insurance Sector
Table 2: Selected Codes of Conduct for the Insurance Sector
Table 3: Contents of a KFS for Collective Investment Schemes
Table 4: Overview of Consumer Protection Regulation for Credit Reporting Systems

BOXES
Box 1: Financial Consumer Protection Supervision of NBFIs in Brazil
Box 2: NEST’s Use of Language in the United Kingdom
Box 3: Pension Projection and Pension Risk Modeling in Chile
Box 4: IOSCO’S Model Code of Ethics: Concepts That Should Be Included in the Code
Box 5: Statements for Mobile Money Accounts?
Box 6: Definitions of Financial Capability, Financial Education, and Financial Literacy
Box 7: Lessons Learned from Select Financial Capability Programs

FOREWORD

In recent years, financial consumer protection has become an increasing priority for policy makers around the world, including World Bank Group client countries. Protecting consumers from abusive practices and enabling them to make well-informed decisions regarding the use of financial products and services is an important policy goal in and of itself, but also has implications for the healthy development of the financial sector, financial inclusion, and broader economic growth. It is a cross-cutting topic with relevance across all types of financial service providers and financial products and services.

Financial consumer protection is also a rapidly evolving area. Since the 2012 edition of the Good Practices for Financial Consumer Protection, international guidance on policy approaches to protect consumers of financial services has substantially increased. Policy makers in both developed and developing countries have established new techniques to address topics such as effective disclosure of key terms and conditions and appropriate sales practices. They have as well developed new supervisory tools adapted to assessing the market behavior of financial service providers. New issues have also emerged, such as with respect to digital financial services and their implications for consumer protection.

The 2017 Good Practices for Financial Consumer Protection thoroughly updates and expands upon the 2012 edition. It is designed to complement existing tools and to serve as a comprehensive reference and assessment tool to assist policy makers, its primary audience. The report consolidates good practices from international guidance and country examples, accompanying them with practical information on policy considerations for implementation.

On behalf of the World Bank Group, I would like to sincerely thank the many government authorities, international organizations, and topical experts who generously provided their helpful inputs and suggestions throughout the development of the 2017 Good Practices. I would also like to express my gratitude to the World Bank team for their dedication in preparing this flagship publication.

Ceyla Pazarbasioglu
Senior Director, Finance & Markets Global Practice
World Bank Group

ACKNOWLEDGMENTS

The 2017 edition of the Good Practices for Financial Consumer Protection was developed by a team led by Jennifer Chien, Senior Financial Sector Specialist in the Finance and Markets Global Practice, World Bank Group. The core drafting team consisted of Denise Leite Dias (Consultant), Charles Michael Grist (Senior Financial Sector Specialist), Fiona Elizabeth Stewart (Global Lead), Richard L. Symonds (Consultant), Harish Natarajan (Lead Financial Sector Specialist), Siegfried Zottel (Senior Financial Sector Specialist), and Marco Traversa (Financial Sector Analyst), all current or former World Bank Group, as well as Peter Holtzer (Consultant). Key drafting inputs were also provided by Margaret J. Miller, Fredesvinda Fatima Montes, Jan Nolte, Mahesh Uttamchandani (all World Bank Group), Eric Haythorne (Consultant), Ivo Jenik (Consultative Group to Assist the Poor), Maria Chiara Malaguti (Consultant), and Shaun Mundy (Consultant). In addition, valuable contributions were made by Rosamund Clare Grady (Consultant) and Douglas Melville (Principal Ombudsman and Chief Executive at Channel Islands Financial Ombudsman, Chair of the International Network of Financial Services Ombudsman Schemes).

Overall guidance throughout the development process was provided by Douglas Pearce (Practice Manager) and Massimo Cirasino (Advisor), both from the World Bank Group. Charles Hagner provided editorial assistance, and Debra Naylor provided design and layout assistance.

Internal peer review comments were received from Nagavalli Annamalai, Gian Luciano Boeddu, Miquel Dijkman, Thomas Lammer, Ligia de Souza Neves Lopes, Nina Pavlova Mocheva, Lory Camba Opem, Marc Schrijver (all World Bank Group), Juan Carlos Izaguirre and Katharine McKee (Consultative Group to Assist the Poor), and Susan L. Rutledge (former World Bank Group).

External peer review comments were gratefully received from the following institutions: Association of Banking Supervisors of the Americas, Banca d’Italia (Bank of Italy), Banco Central do Brasil (Central Bank of Brazil), Banco de España (Bank of Spain), Banco de Portugal (Bank of Portugal), Bank of Mauritius, Bundesanstalt für Finanzdienstleistungsaufsicht (German Federal Financial Supervisory Authority), Central Bank of Armenia, Committee on Payments and Market Infrastructures, Department of Finance of the Government of Canada, Hong Kong Monetary Authority, International Association of Insurance Supervisors, International Organisation of Pension Supervisors, Ministry of Finance of Lithuania, Quebec Insurance Commission, Securities and Exchange Commission of Brazil, and Superintendencia de Banca, Seguros y AFP (Superintendence of Banks, Insurance Companies, and Private Pensions, Peru). The team is also grateful for external peer review comments and contributions from the following individuals: Isabelle Barrès (Smart Campaign), Andrea Camargo (MiCRO), Martin Cihak and Cristina Cuervo (International Monetary Fund), Rodney Lester (Consultant), Elisabeth Rhyne (Center for Financial Inclusion), Guy Stuart (Microfinance Opportunities), David Thomas (Consultant and former Chair of the International Network of Financial Services Ombudsman Schemes), and Graham Wright (MicroSave). Thank you all for your valuable insights and suggestions.

For comments and inputs on early drafts, the team is thankful to Ana Fiorella Carvajal, Helen Luskin Gradstein, Anthony Randle, Douglas Randall, Luz Maria Salamina, Anita M. Schwarz, Mitchell Wiener, and Peter Friedrich Wilhelm Wrede (all World Bank Group).

For suggestions and insights during the initial stages of the development process, the team is thankful to Nagavalli Annamalai, Steen Byskov, Johanna Jaeger, Katherine McKee, Lory Camba Opem, Lois Estelle Quinn (all World Bank Group), Rosamund Clare Grady (Consultant), Camille Busette (former Consultative Group to Assist the Poor), Ivo Jenik and Juan Carlos Izaguirre (Consultative Group to Assist the Poor), Alexandra Rizzi (Center for Financial Inclusion), Sonia Arenaza (former Accion International), Nicola O’Reilly and Robin Simpson (Consumers International), Cheryl Parker Rose (Consumer Financial Protection Bureau, United States), Michael Chapman (Organisation for Economic Co-operation and Development), Tomas Prouza (former State Secretary of EU Affairs, Czech Republic), Susan Rutledge (former World Bank Group), and Jose Isaac Rutman (Consultant). The team is also grateful to the International Financial Consumer Protection Organisation and G20/OECD Task Force for Financial Consumer Protection for their facilitation and inputs.

The team would like to thank the following institutions for answering a survey and providing critical inputs during the initial stages of the development process: Banka Qendrore e Republikës së Kosovës (Central Bank of the Republic of Kosovo), Central Bank of Armenia, Central Bank of Nigeria, Comisión Nacional de Microfinanzas (National Microfinance Commission, Nicaragua), Comisión Nacional para la Protección y Defensa de los Usuarios de Servicios Financieros (Commission for the Defense and Protection of Financial Services Consumers, Mexico), National Bank of Rwanda, Ministry of Finance of Lithuania, State Consumer Rights Protection Authority of Lithuania, Superintendencia de Bancos y de Otras Instituciones Financiera (Superintendence of Banks and Other Financial Institutions, Nicaragua), and Superintendencia de Banca, Seguros y AFP (Superintendence of Banks, Insurance Companies, and Private Pensions, Peru).

Finally, the team gratefully acknowledges the generous financial support of the Swiss State Secretariat for Economic Affairs (SECO), without which this comprehensive update and expansion of the Good Practices for Financial Consumer Protection would not have been possible.
ACRONYMS AND ABBREVIATIONS

ACH: automated clearing house
ADR: alternative dispute resolution
AML/CFT: anti-money laundering/combatting the financing of terrorism
APEC: Asia-Pacific Economic Cooperation
APR: annual percentage rate
ASIC: Australian Securities and Investment Commission
ATM: automated teller machine
BCBS: Basel Committee for Banking Supervision
BID: basic information document
BNM: Bank Negara Malaysia
CFPB: United States Consumer Financial Protection Bureau
CGAP: Consultative Group to Assist the Poor
CIU: collective investment undertaking
COC: code of conduct
COE: Council of Europe
CONDUSEF: Mexico National Commission for the Protection and Defense of Users of Financial Services
CPMI: Committee on Payments and Market Infrastructures
CRS: credit reporting system
DB: defined benefit
DC: defined contribution
EFT: electronic funds transfer
EIOPA: European Insurance and Occupational Pensions Authority
EN: explanatory notes
EU: European Union
FCA: United Kingdom Financial Conduct Authority
FinCoNet: International Financial Consumer Protection Organization
FSB: Financial Stability Board
G20: Group of Twenty
G20 FCP Principles: G20 High-Level Principles on Financial Consumer Protection
GP: good practice
GPFI: Global Partnership for Financial Inclusion
IAIS: International Association of Insurance Supervisors
INFO Network: International Network of Financial Services Ombudsman Schemes
IOPS: International Organisation of Pension Supervisors
IORPs: Institutions for Occupational Retirement Provision
IOSCO: International Organization of Securities Commissions
ITU-T: International Telecommunications Union Telecommunications Standardization Sector
KFS: key facts statement
M&E: monitoring and evaluation
MFI: microfinance institution
MNO: mobile network operator
NBFI: nonbank financial institution
NEST: United Kingdom National Employment Savings Trust
NFCS: national financial capability strategy
NPC: national payment council
OECD: Organisation for Economic Co-operation and Development
OTC: over-the-counter
P2P: peer-to-peer
PSD2: European Union Revised Payment Systems Directive of 2015
PSO: payment system operator
PSP: payment service provider
regtech: regulatory technology
SMS: short message service
SRO: self-regulatory organization
TCF: treating customers fairly
TCI: total cost indicator
UN: United Nations

INTRODUCTION

Over the past decade, financial consumer protection has become an increasingly mainstream priority. A strong consumer protection regime is key to ensuring that expanded access to financial services benefits consumers, enabling them to make well-informed decisions on how best to use financial services, building trust in the formal financial sector, and contributing to healthy and competitive financial markets. The global financial crisis of 2008 highlighted the importance of financial consumer protection for the long-term stability of the world financial system. The need for financial stability, financial integrity, financial inclusion, and financial consumer protection objectives to complement one another has become an increasingly common theme highlighted by global policy makers in recent years.1

Since then, significant advances have been made in financial consumer protection across the globe. In both developed and developing countries, policy makers are establishing and strengthening legal and regulatory frameworks for financial consumer protection and building up specialized supervisory departments. Numerous global bodies have issued guidance on financial consumer protection, including both high-level principles as well as more detailed guidance. Policy makers and international organizations are also tackling how to address new risks to consumers, such as those arising from digital channels for delivery of financial products and services, and how to develop new approaches and tools, such as incorporating behavioral insights into the design of effective disclosure regimes and developing rules regarding product suitability.

The World Bank’s Good Practices for Financial Consumer Protection (the Good Practices) was developed as a contribution to the emerging global set of tools on financial consumer protection. Published in 2012, the first edition of the Good Practices consolidated knowledge and experience that the World Bank had gathered since 2006 through in-depth reviews of consumer protection frameworks conducted primarily in Eastern European and Central Asian countries. The first edition was designed primarily to be used as a diagnostic tool and covered the main issues that arise in consumer protection, with specialized chapters for sectors such as banking, securities, and insurance.

The 2017 edition of the Good Practices is also specifically designed not as high-level principles, guidelines, or “best” practices. Rather, it is intended to serve as a practical, helpful collection of “good” practices in financial consumer protection, more detailed than principles or guidelines and drawing on successful practices seen around the world. The Good Practices consolidates, complements, and expands upon international principles and guidance—such as the Group of Twenty (G20) High-Level Principles on Financial Consumer Protection and accompanying Effective Approaches to Support Implementation, the International Association of Insurance Supervisors’ (IAIS) Insurance Core Principles and Application Paper on Approaches to Conduct of Business Supervision, as well as guidance from the G20/Organisation for Economic Co-operation and Development (OECD) Task Force on Financial Consumer Protection, the Basel Committee for Banking Supervision (BCBS), the International Organization of Securities Commissions (IOSCO), the International Organisation of Pension Supervisors (IOPS), the International Financial Consumer Protection Organization (FinCoNet), the International Network of Financial Services Ombudsman Schemes (INFO Network), the International Telecommunications Union Telecommunications Standardization Sector (ITU-T) Focus Group Digital Financial Services, and many others.

Since its initial development, the Good Practices has been used by the World Bank to conduct financial consumer protection diagnostics in over 35 countries to identify consumer protection issues. These diagnostics have provided a wealth of knowledge and experience, while also highlighting important revisions needed in the Good Practices. Based on a review of past diagnostics, a survey of policy makers, and interviews with key stakeholders, the following enhancements were identified as high priority in this 2017 edition:

• Incorporating new approaches, new research, and new international guidance in financial consumer protection
• Reflecting lessons learned and feedback from past diagnostics, including making the Good Practices more functional and practically applicable for policy makers
• Drawing from a broader range of country examples, from both developed and developing countries as well as from across geographic regions
• Addressing emerging issues, such as those related to digital channels, innovative products and business models, and new types of providers of financial services

The 2017 Good Practices comprehensively updates and expands on the previous edition, and is designed to serve as both a reference and a diagnostic tool for country-level policy makers, its target audience. This intended purpose informs both the structure and content of this document. Each good practice (GP) describes the key elements of a particular GP that regulators should consider acting upon, such as the elements to ensure effective disclosure of terms and conditions, or the requirements necessary to ensure that remuneration policies encourage responsible conduct and minimize conflicts of interest. Each GP is accompanied by explanatory notes (ENs) that expand on the intent of the GP, discuss policy considerations, and provide practical guidance and country examples of implementation. In addition to policy makers, the Good Practices is also intended to be useful to a broad range of stakeholders and to consolidate knowledge and experience in financial consumer protection.

A number of broad changes have been made in the 2017 Good Practices. At a structural level, this edition follows a more functional approach by merging the former chapters on the banking sector and nonbank credit institutions into a single chapter, “Deposit and Credit Products and Services” (chapter 1). The intention is to cover the full range of institutional types that provide deposit and credit products and services (including non-financial firms such as mobile network operators and white goods stores), as the same good practices for financial consumer protection should apply for all providers of such services, regardless of institutional form. This chapter is followed by others on insurance (chapter 2) and securities (chapter 4). Within each chapter, the focus is on the most common retail2 products and services for that respective chapter.

A new chapter on private pensions and an annex on retail payment services have been added. Previously an annex due to its preliminary nature, “Private Pensions” (chapter 3) has been expanded and formalized to provide a comprehensive set of good practices focused on private pensions, a complex, difficult product for most consumers. An annex on retail payment services (annex A) was developed as retail payment services are one of the most fundamental, widespread services used by consumers every day. Such services raise unique issues related to consumer protection. However, international guidance and good practices are still emerging in this area. Therefore, the annex should be considered as an initial effort, with plans for further testing and refinement. Annexes on credit reporting and financial capability are also included, as these are complementary topics with relevance across the entire financial sector. Both annexes cover a subset of issues within their respective areas that are most relevant to financial consumer protection.

Each chapter consists of a common set of GPs, covering the most relevant issues that arise during the course of the relationship between consumers and providers, from initial product design to sales processes to ongoing management of customer accounts to dispute resolution. Each chapter is similarly grouped into the following broad topic areas, as many of these issues are applicable across the financial sector:

• Legal and supervisory framework: legal framework, institutional arrangements and mandates, supervisory activities, enforcement
• Disclosure and transparency: format and manner of disclosure, disclosure of terms and conditions, notifications of changes in rates, terms, and conditions
• Fair treatment and business conduct: unfair terms and conditions, unfair practices, product suitability, customer mobility, agents, compensation of staff and agents, fraud and misuse of customer assets
• Data protection and privacy: lawful collection and usage of customer data, sharing customer information
• Dispute resolution mechanisms: internal complaints handling, out-of-court formal dispute resolution mechanisms

Within these general topic areas, the GPs in each chapter are then tailored to the specificities for each respective sector, as the nature of products and services, the related risks to consumers, and regulatory approaches to address these risks vary by sector. For example, the annex on retail payment services includes GPs on unauthorized and mistaken transactions and on liability for loss. As pensions are long-term commitments by nature, consumer risks can also differ. The private pensions chapter therefore addresses good disclosure practices regarding the pay-out phase. Securities typically involve more complicated products, for which the duty of care of advisors is an important consideration.

In response to feedback from regulators and supervisors, GPs that were deemed critical have been added or expanded. In particular, new GPs on institutional arrangements and mandates, supervisory activities, and enforcement have been added, while GPs on disclosure and transparency and fair treatment and business conduct have been significantly expanded. These new or expanded GPs are intended to capture new and emerging risks as well as rapid advancements in strategies for effective financial consumer protection. For example, the GPs cover how to adapt supervisory tools and techniques for financial consumer protection issues, or what rules should be put in place to prevent mis-selling or to ensure appropriate compensation policies that do not incentivize behavior that may harm consumers.

Issues related to digital financial services have been interwoven throughout the Good Practices. Digital finance is a broad concept, encompassing digital delivery channels, digital business models, and digital products. Digital finance heightens certain traditional concerns and presents new risks to consumers as well, due to characteristics such as the high speed of transactions, remote nature of service, automated decision-making, the role of intermediaries, and the involvement of non-financial entities. Financial consumer protection concerns that are raised by digital finance include transparency and electronic disclosure; product suitability; provider/agent liability; alternative data,3 big data, and data protection and privacy; effective recourse; and safety of consumer funds. These issues cut across the financial sector and are therefore addressed in each chapter where relevant. For example, issues related to digital credit business models and electronic disclosure are highlighted in the chapter on deposit and credit products and services, while issues related to e-money, such as unauthorized or mistaken transactions, are highlighted in the annex on retail payment services.

In response to feedback from users of the Good Practices, and in order to serve as a more useful reference, the ENs that accompany each GP have been revised and expanded significantly. The GPs are crafted to apply globally to the largest extent possible. This means that elements of the GPs will be aspirational for some countries. To make the Good Practices more applicable for a global audience, the ENs provide country examples and case studies drawn from both developed and developing countries and from across geographic regions. The ENs also include more references to relevant international guidance and research.

In particular, the ENs have been expanded to provide more insights regarding implementation. As noted previously, the Good Practices takes an activity-based approach, aiming to create a level playing field and comprehensive protection for consumers regardless of the type of provider with which they engage. However, in many countries, implementation of all GPs for all relevant providers will be challenging in practice. Regulatory requirements are obviously not implemented in a vacuum. They entail compliance costs for providers and implementation costs for supervisory authorities, who are often juggling multiple policy objectives. Excessive regulation can harm financial inclusion, raising product costs and limiting the range of accessible services. Excessive regulation can also lead to lax or ineffective enforcement, with a variety of negative impacts on consumer and provider behavior.

To make the Good Practices more practically useful, the ENs discuss tradeoffs, compliance costs, and the need for proportionality and provide illustrative country examples. The ENs explore areas where tradeoffs arise and proportionality needs to be closely considered, particularly when supervising large numbers of small, sometimes semi-formal nonbank financial institutions (NBFIs) as well as non-financial firms that may vary greatly in legal form, scope of operations, and regulatory oversight. Concrete strategies are provided for optimizing resources and prioritizing efforts effectively and efficiently, such as utilizing a tiered approach to licensing and registration and employing risk-based supervision. There is also greater emphasis on leveraging data to inform evidence-based policy making and communicating and learning from industry participants and consumers to ensure that policy actions are balanced, proportionate, and effective.

This edition of the Good Practices has undergone an extensive internal and external review process. As noted earlier, numerous stakeholders were consulted during the initial stages of developing the 2017 Good Practices, as well as throughout the drafting stage. Advance drafts of each chapter were then shared with a wide range of internal and external stakeholders, including national-level policy makers, standard-setting bodies, NGOs, and topical experts, and over a thousand comments were received from 44 institutions (as noted in the Acknowledgments). The extensive feedback and numerous suggestions, examples, and references were incorporated into the final text, helping to strengthen and refine the final document.

The Good Practices should be read with a few important caveats in mind. The Good Practices does not and cannot cover everything that could be considered relevant to financial consumer protection.

A further note on the relationship and variation between chapters is warranted. As indicated above, each chapter is divided into similar topic areas. Where possible, the language for the same GP has been generally harmonized across chapters. This results in some necessary redundancy and duplication across chapters. As the Good Practices is intended to serve as both a reference and a diagnostic tool, each chapter is designed as a stand-alone reference for policy makers working in that particular sector, as this better reflects the reality on the ground in most countries, where multiple financial sector regulators with their own respective regulatory ambits often exist. At the same time, there are noticeable differences across chapters, in both the GPs and the depth of content in accompanying ENs. This is due to the fact that in the 2017 Good Practices, each chapter is more closely aligned with the international guidance developed for that respective sector. The chapters therefore reflect the fact that different sectors have taken different approaches to the topic of financial consumer protection, with some sectors providing more detailed guidance on a wide range of issues, while others have focused on high-level principles or targeted specific issues to date.
As noted previ- ously, the GPs focus on good practices that can be broadly For consistency and simplicity, a few defined terms are applied to the most common retail financial products and used in this document, such as authority and consumer. services. Further tailoring will be required for specific The term authority is used in place of government agency, products and services, and some examples of this are institution, or regulator, as this term is broader and more included in the ENs. Topics such as prudential concerns generally applicable across a range of countries. The term and competition are generally not covered in the Good is used as short-hand to refer to whatever agency, institu- Practices, although such topics have an impact on con- tion, or regulator in a country has been designated as the sumer protection and consumer welfare. As the Good authority for financial consumer protection. Depending on Practices focuses on those areas that fall within a financial country context, this could be the same authority as the sector authority’s remit, complementary roles to be played prudential regulator, a separate authority, or even multiple by consumer associations, industry associations, the authorities. Where it is necessary to differentiate between media, law enforcement, and the judicial system are only financial consumer protection regulatory or supervisory lightly touched upon but are important in contributing to activities, the term regulatory authority or supervisory the overall success of any financial consumer protection authority is used. The term consumer is used primarily to framework. Compliance issues at the provider level are refer to individuals, but the Good Practices is not neces- also not discussed in detail, although ensuring that provid- sarily limited to individuals only. 
Microentrepreneurs and ers effectively implement consumer protection require- small enterprises often face the same consumer protec- ments (for example, through internal audit and compliance tion issues as individuals and require the same basic pro- functions and appropriate corporate governance policies) tections. The term consumer is also used generically to will necessarily underlie implementation for all of the GPs. refer to both potential and existing customers. Where the Finally, country context plays a major role in translating term customer is used, it refers to an existing customer good practices into approaches that work on the ground in who has purchased a product or service. specific circumstances. In particular, legal tradition will play a role in determining how to design appropriate policy Finally, financial consumer protection is a rapidly evolv- approaches. Country examples and, in some cases, legal ing field, with new insights and approaches continually references provided in the Good Practices are for helpful, emerging. Inevitably, not all new insights are reflected in illustrative purposes only and should not be considered this document. For example, new consumer research and “best” practices or transplanted wholesale to another behavioral insights have helped to increase the effective- country without adaptation and careful consideration. ness of disclosure (as well as to highlight its inherent lim- Introduction  5 itations). Risk-based supervisory approaches to financial financial inclusion, many of these innovations present consumer protection are being developed in many coun- potential risks to consumers. These risks are still being tries. Innovative products, channels, and business models articulated, and consensus regarding appropriate regula- are emerging, such as crowd-funding and peer-to-peer tory approaches is still developing. 
Such topics are lending, the use of blockchain and distributed ledgers, touched upon where possible and will be monitored and the use of alternative data and big data analytics for closely with a view to their inclusion in future editions of credit scoring. While posing exciting opportunities for the Good Practices. NOTES 1.  For example, see the white papers Global Standard-Setting 3.  Alternative data refers to non-financial information used to Bodies and Financial Inclusion: The Evolving Landscape assess the creditworthiness of consumers or to determine (Global Partnership for Financial Inclusion, March 2016) and consumer profiles and market targeted products. Such Global Standard-Setting Bodies and Financial Inclusion for data can include utility and mobile phone bills, mobile the Poor: Toward Proportionate Standards and Guidance airtime consumption history, electronic payments, and (Global Partnership for Financial Inclusion, September 2011). social media. In the Good Practices, the term retail is used to refer to 2.  products and services primarily provided to individual consumers as opposed to corporations. 1 DEPOSIT AND CREDIT PRODUCTS AND SERVICES This chapter focuses on the consumer protection the International Telecommunications Union Telecommu- issues and practices applicable to retail deposit and nications Standardization Sector (ITU-T). credit products and services, regardless of provider type. Public trust is crucial for the development of any This chapter is relevant to banks as well as nonbanks, country’s financial sector, and having effective access to including nonbank financial institutions (NBFIs) such as suitable financial products and services has an important microfinance institutions (MFIs), consumer finance com- impact on the financial and general welfare of a country’s panies (for example, credit card companies, consumer citizens. 
Transparent pricing, complete as well as simply lenders), leasing firms, payday lenders, mortgage lend- presented information, consumer choice and mobility, ers, pawnshops, financial cooperatives, and credit fair terms and conditions and business conduct, and unions. It is also relevant to nonfinancial firms providing effective dispute resolution mechanisms can spur public credit services such as mobile network operators, white trust in the financial sector. However, the vast majority of goods stores, and auto loan providers. Banks and non- consumers are at a significant disadvantage in business banks are covered in a single chapter for two main reasons. relations with any financial service provider and require First, the lines between the bank and nonbank sectors are appropriate and comprehensive protection. increasingly blurred, with both sectors offering basic prod- ucts and services to a variety of consumer segments, from The following good practices (GPs) are aimed at help- credit to payments, and investment advisory to deposit ing policy makers not only to ensure fairness in the services. In particular, in many countries a wide array of delivery of deposit and credit products and services to NBFIs as well as nonfinancial firms provide retail credit, the widest possible range of consumers, but also to raising consumer protection issues that are similar to issues curb poor business conduct and ineffective dispute res- raised by banks providing retail credit. Second, addressing olution mechanisms. The ultimate goal is to increase and all bank and nonbank providers of credit and deposit prod- maintain consumer confidence and trust in the financial ucts and services in the same chapter is consistent with the system. 
Where applicable, the GPs and related explana- general principle that all consumers are entitled to protec- tory notes incorporate and build off of guidance from tions based on common principles, regardless of the pro- international standard-setting bodies and organizations, viders they choose (or have access to). such as the Basel Committee for Banking Supervision (BCBS), the Committee on Payments and Market Infra- However, the above does not mean that the approaches structures, the Group of Twenty (G20)/Organisation for to implementing common principles, including the Economic Co-operation and Development (OECD) Task amount and type of regulatory and supervisory Force on Financial Consumer Protection, and the Interna- resources used, will always be the same for banks and tional Financial Consumer Protection Organization (Fin- nonbanks. Practical implementation challenges are quite CoNet), as well as from other relevant organizations such likely to arise, and some principles may be aspirational as the Consultative Group to Assist the Poor (CGAP) and when applied to all providers. In numerous jurisdictions,   7 8   Good Practices for Financial Consumer Protection bank prudential supervision tends to receive and will con- principles. While a few countries have created a separate tinue receiving the bulk of attention and resources by authority dedicated to financial consumer protection, financial supervisory authorities, given banks’ systemic this approach is not specifically advocated for all coun- importance, among other considerations. Due to these tries, nor will all countries be able to adopt it. The term circumstances, this chapter offers insights for authorities financial consumer protection authority is therefore not who are undertaking the challenging task of building a used in this chapter to refer solely to a dedicated, sepa- harmonized, proportional institutional, legal, regulatory, rate authority. 
This chapter does not advocate for any and supervisory approach to balance consumer protec- particular approach for institutional arrangements and tion with prudential, competition, financial inclusion, and mandates, and while it calls for technical and operational other policy goals in diverse deposit and credit markets, independence of the consumer protection “function,” it regardless of provider type. In addition, the chapter high- recognizes that in many countries, independence could lights occasions where the application of common princi- be sought within the structure of existing supervisory ples entails special considerations that may depend on authorities that have other mandates. the provider type. When dealing with a large, diverse, and dynamic sec- A key complexity introduced by nonbanks that vary tor, another consideration that is particularly relevant greatly in their legal forms and scope of operations is for developing countries is the limited capacity of reg- whether and which providers should be covered by ulatory and supervisory authorities. As noted above, financial consumer protection legal, regulatory, and while there should be an effort to apply similar princi- supervisory frameworks. This chapter presents an ideal ples to all providers, authorities will need to be strate- situation where all bank and nonbank providers of deposit gic and establish priorities to be able to balance and credit products and services are subject to a clear different statutory mandates (such as consumer protec- financial consumer protection legal framework. More- tion, competition, systemic stability, curbing financial over, it suggests that large nonbank providers (in num- crimes, and financial inclusion) with limited staff and bers of consumers served) be subject to supervision or at resources, while being proportional to the specific risks least monitoring by a financial supervisory authority with posed by different types of providers. 
Supervisors in a mandate for consumer protection, rather than a general low-capacity countries may face difficulties in introduc- consumer protection authority or other authority outside ing consumer protection principles overall, as these the financial sector. However, in practice, countries will require specialized expertise and a higher level of sub- obviously need to consider different approaches due to jectivity compared to prudential supervision, which can their particular and varied contexts. For some countries, it be challenging, at least in the first years of implementa- may not be feasible to achieve the “ideal” situation where tion. Technology, and in particular the use of regulatory a comprehensive legal framework provides complete technology (“regtech”), could help supervisors alleviate coverage of nonbanks. In the chapter, examples and some of the implementation challenges. materials are offered to assist countries to effectively operate within and to improve environments where legal The GPs included in this chapter have been crafted frameworks may be fragmented and institutional arrange- specifically to enable their use across a wide range of ments quite diverse. countries, across various income levels, and at different stages of financial sector development. Certain GPs It is crucial to note the use of the terms financial con- may represent more aspirational goals in some countries, sumer protection authority and authority in this chap- or goals that can be achieved only over the long term. ter. As indicated in the introduction, these terms refer to This chapter provides examples of implementation, prior- any authority (or authorities) that has a mandate to itization, and proportionality challenges, although it can- implement the financial consumer protection legal not offer comprehensive guidance on these multifaceted framework in a country, specifically with regard to deposit and context-specific issues. 
Each GP and its accompany- and credit products and services and their providers. This ing explanatory notes are drawn from a range of countries could include prudential authorities such as central banks partly to reflect the diversity of markets and alternative but may also include authorities outside the financial sec- approaches, including those that aim to balance financial tor, such as general consumer protection agencies. In inclusion and consumer protection goals. Country exam- many countries, a combination of different authorities ples are cited to provide readers with further useful refer- will be working toward similar goals, thus requiring coor- ences. In all cases, country examples should be considered dination and collaboration to achieve comprehensive examples only and not necessarily representative of and harmonized implementation of consumer protection “best” global practices. Deposit and Credit Products and Services   9 Both banks and nonbanks are trying out new prod- banks and nonbanks are furthering the disaggregation of ucts, channels, technologies, and partnerships to the financial services value chain and blurring the lines of serve existing clients as well as new consumers who responsibilities. As these pervasive trends could increase may have been previously excluded from the financial the complexity of implementing financial consumer pro- sector. This chapter highlights the need to pay special tection principles, authorities should strive to ensure pro- attention to these targeted consumer segments, the new tection of consumers of digital financial services by channels being used to deliver deposit and credit prod- adapting their legal and regulatory framework where ucts and services, and innovative business models that necessary. 
are emerging globally under the catch-all terms “digital finance,” “digital financial services,” and “fintech.” For This chapter should be read in conjunction with annex instance, providers may serve vulnerable and inexperi- A, “Retail Payment Services.” The annex covers GPs for enced consumers in urban and rural settings, expanding financial consumer protection regarding retail payment the frontier of financial inclusion on the one hand, while services. There are close interlinkages between such ser- creating particular consumer protection challenges on vices and deposit and credit products and services, partic- the other. Moreover, new types of nonbank providers ularly with respect to mobile money, whose classification have been leading innovations in digital credit,1 and as either a payment or banking service may vary. This many banks are continuing on the path toward full digi- chapter touches upon e-money services such as mobile talization. Both trends bring certain consumer protection money; further details can be found in the retail payment concerns. Lastly, new types of partnerships between services annex. A: LEGAL AND SUPERVISORY FRAMEWORK A1: LEGAL FRAMEWORK a. There should be a clear legal framework that establishes an effective regime for the protection of consumers of retail deposit and credit products and services. b. In the event that the legal framework takes an institution-based approach—that is, respective financial sector laws cover specific types of financial service providers—efforts should be made to ensure that the overall legal framework provides sufficiently comprehensive coverage and to avoid conflicts or lack of clarity. c. 
The authority or authorities responsible for the implementation of the financial consumer protection legal framework (the “authority”) should make efforts to license or register financial service providers offering retail deposit and credit products and services in an efficient manner (for example, via a tiered approach) in order to obtain basic information from such providers.
d. Where financial service providers are required to be licensed by the authority, the authority should have the power to establish minimum entry criteria. The licensing process should, at a minimum, require that
i. The applicant’s beneficial owners, board members, senior management, and people in control functions demonstrate integrity and competence; and
ii. There are appropriate governance and internal controls in place, including specific controls to mitigate consumer protection risks.
e. The legal framework should include provisions establishing the responsibilities, powers, and accountability of the supervisory authority (or authorities) in charge of implementation of the legal framework.
f. The legal framework should be developed as a result of a consultative process that involves the industry, relevant authorities, and consumer associations.

Explanatory Notes

All financial service providers (banks, NBFIs, and nonfinancial firms) offering deposit and credit products and services should be subject to a law (or more than one law) that establishes minimum and specific standards for protecting consumers. Many countries have general consumer protection laws that apply to all types of products and services, but such laws are often not specific, clear, or comprehensive enough to provide effective protection to consumers of financial products and services. For instance, they usually do not allow for the creation of detailed consumer protection regulations by financial regulatory authorities.

It is good practice to have legal provisions that deal specifically with consumer issues in the financial sector and to determine in broad terms which authority (or authorities) will be responsible for implementing these provisions. Numerous approaches can be used to achieve these objectives, each with its own pros and cons. Irrespective of approach, the ultimate goal is a legal framework that provides effective protection. One approach is to have a stand-alone legal framework in the form of overarching financial consumer protection law(s), as in Canada, Colombia, Mexico, and Peru.2 Stand-alone financial consumer protection law(s) usually cover a variety of provider types and products and offer a higher degree of transparency, flexibility, and clarity for authorities to implement overarching principles through specialized regulations, supervision, and enforcement.3 This approach is likely to be more effective than others in avoiding regulatory gaps and conflicting provisions across different laws. Ideally, the financial consumer protection legal framework should be activity-based—that is, covering all providers of similar products and services. Countries may also have separate laws that address specific products and services, such as laws on credit products and services, as in Australia, Ghana, Sierra Leone, South Africa, the United Kingdom, and the United States.

While an activity-based approach, via either a comprehensive stand-alone law or product-specific laws, can be more effective in achieving broad coverage and better clarity, this approach may not be feasible in all countries. In many countries, financial sector laws may take an institutional approach—that is, they cover specific types of providers (such as banks, finance companies, MFIs). As a result, some types of providers may not be covered by financial consumer protection provisions (though they may still fall under a general consumer protection law, if one exists). In such instances, regulators should make concerted efforts to ensure that the multiple laws addressing financial consumer protection are comprehensive enough to cover all providers of deposit and credit products and services, as well as all relevant consumer protection issues. Efforts should also be made to harmonize their provisions to the extent possible to avoid gaps, conflicts, ambiguities, or an unlevel playing field. Careful planning and execution will also be needed to create a functional institutional arrangement to implement the overall legal framework, such as determining which authorities will cover which parts of the financial sector, what powers they will have, and what coordination mechanisms are needed. (See A2.)

As emphasized in Principle 1 of the G20 High-Level Principles on Financial Consumer Protection (G20 FCP Principles),4 an important consideration with regard to a financial consumer protection legal framework is its coverage. Lack of coverage can happen even where a stand-alone financial consumer protection law exists. For instance, in Canada, Colombia, Mexico, and Peru, the financial consumer protection law applies only to providers that are required to obtain a license/authorization to operate from a prudential regulator.5 It may be practical to limit coverage to prudentially regulated financial service providers, but this will result in some nonbank credit providers (such as retail stores and fintech credit providers) and even NBFI deposit takers (such as credit cooperatives or rural banks serving low-income populations) being left out. Given the increasing importance of nonbank actors in providing deposit and credit services to a larger group of the population (including low-income and low-literacy individuals), it is worth considering practical options to bring them under the financial consumer protection legal framework in some fashion.

Consideration should also be given to the challenges in adapting institution-based legal frameworks to address fast-evolving digital finance models that combine nonbanks and banks (for example, products linked to one another, such as digital credit, or insurance products linked to mobile wallets or bank accounts). An activity-based legal framework may provide more flexibility in addressing the emerging realities of digital financial services.

The legal framework should clarify whether and which types of providers are subject to licensing or registration requirements. While banks must obtain a license from a prudential regulatory authority prior to commencing operations,6 in many countries some types of NBFIs and non-financial firms may not even be required to register7 with any financial sector authority in order to provide deposit or credit product and services. To the extent possible, all types of providers of deposit and credit products and services should at least be required to be registered with the financial consumer protection authority. Registration accompanied by minimum regular reporting is particularly relevant if the legal framework requires providers to obtain a license only when their operations reach a certain threshold—that is, a tiered licensing system, further discussed below.8 While not imposing entry requirements, registration permits the authority to maintain a register with basic information about each provider. Although registration does not entail supervision, it can facilitate ad hoc or regular data collection, which may be useful, for example, to develop a comprehensive mapping of the deposit and credit markets and to monitor indebtedness levels, financial inclusion and geographical coverage indicators, and overall market development.

If licensing is imposed, the licensing process provides an opportunity for the authority to form an early assessment of management’s ethical standards and the provider’s preparedness for complying with the applicable financial consumer protection laws and regulations. If the authority is a prudential authority with a consumer protection mandate, consumer protection aspects could be added to the existing licensing process.9 Adding consumer protection as an element of licensing could potentially benefit other mandates, since some aspects of consumer protection may be closely related to the long-term financial soundness of a provider.

In many countries, deposit and credit markets are very large and expanding. This may require a tiered approach to registering and licensing, as illustrated by the following theoretical tiered structure:10

• Tier 1: Banks and certain NBFIs are required to obtain a license by the authority prior to commencing operations, regardless of the size of their operations. Minimum entry requirements are imposed, and operation cannot be ceased without prior approval by the authority.
• Tier 2: Certain NBFIs and nonfinancial firms (which are registered already) are required to obtain a license if their operations meet certain thresholds of size and/or complexity. This entails meeting minimum entry requirements, which could be lower than or the same as requirements applicable to the next tier up.
• Tier 3: Certain NBFIs and nonfinancial firms are only required to register. They can commence activities without prior approval by the authority and are required to register with the authority within a timeframe determined by the authority. Registration does not entail meeting entry requirements. Regular reporting of basic information may be imposed for monitoring purposes. Ceasing operations entails only a notification to the authority.

In Cambodia and Uganda, for instance, tiered microfinance regulations require MFIs with portfolio values above prescribed thresholds to apply for a license, while others are subject to registration only. Most likely, this tiered system would similarly affect the implementation of consumer protection regulations for MFIs in these countries. While pragmatic alternatives, tiered approaches need to be balanced against the risk of regulatory arbitrage.11 In deciding appropriate tiers and related thresholds, consideration should be given to how supervisory strategies can reduce such risks. (See A3.)

Where the financial consumer protection authority is separate from the prudential supervisory authority and registering or licensing are imposed by both, efforts should be made to streamline the overall process to avoid unnecessary regulatory burden and to increase efficiency. This can be done by mutual consultations before requiring documentation from a provider for registration or licensing purposes. The license by a prudential authority may replace the need for licensing or registration by the financial consumer protection authority.

Finally, as in any area of law or rule making, financial consumer protection laws can benefit from international guidance (including model laws)12 and peer-country analysis. However, they should be fully tailored to a country’s unique context. Transplanting model laws or other country’s laws is likely to be ineffective.

A2: INSTITUTIONAL ARRANGEMENTS AND MANDATES

a. The authority (or authorities) in charge of implementing the financial consumer protection legal framework should have an explicit and clear legal mandate for consumer protection.
b.
The authority should have legal powers to
i. Issue binding regulations for financial consumer protection, as well as guidelines or other instruments under these regulations; and
ii. Implement and enforce the application of the financial consumer protection legal and regulatory framework.
c. The authority should have an adequate allocation of resources and be operationally independent from external interference from political, commercial, and other sectoral interests.
d. Appropriate legal protection should be established to protect the authority and supervisory staff from personal litigation in the good-faith exercise of their supervisory duties.
e. Any overlap between the legal mandates of different authorities implementing the financial consumer protection legal framework, as well as between such authorities and prudential, competition, and other authorities, should be minimized.
f. If a single authority is responsible for both prudential and consumer protection regulation and supervision, there should be coordination between these functions.
g. There should also be effective coordination between different authorities implementing the financial consumer protection legal framework, as well as with other authorities that could have a relevant role in financial consumer protection, including authorities outside the financial sector, if relevant (for example, telecommunications regulator).
h. The authorities should liaise with relevant consumer and industry associations, as well as with the media, when appropriate, to ensure that they play an active role in promoting financial consumer protection.
Explanatory Notes

Institutional structure

No single model of institutional arrangement for financial consumer protection is optimal in all countries. Nevertheless, in all cases, the institutional arrangement for protecting consumers of deposit and credit products and services should aim to facilitate the implementation and enforcement of consumer protection laws, including the issuing of regulations, across all bank and nonbank providers in a consistent, thorough, and timely manner. In practice, this will depend greatly on the number and types of authorities with a mandate to implement the legal framework, their respective mandates and remits, the resources available to them, and the effectiveness of the coordination between them. The authorities responsible for implementing the financial consumer protection legal framework, regardless of their nature and specific mandate, are referred to in this chapter as “financial consumer protection authority” or “authority” (or “authorities”).

There are different options for a country’s institutional arrangement. All options require careful consideration of the existing institutional setup for broader financial sector regulation and supervision. For example, a comprehensive, activity-based financial consumer protection legal framework could provide the basis for creating a separate financial consumer protection authority covering all types of providers of financial services, including of deposit and credit products and services.13 This model minimizes regulatory gaps, increases consistency in the implementation of laws and regulations, and reduces the risk of conflicts of interest that could arise when the consumer protection function is performed by a financial sector authority that also has a prudential mandate. (See further discussion below.)

However, a specialized financial consumer protection authority that focuses exclusively on implementation of the financial consumer protection legal framework may not be possible or appropriate in many countries. In many cases, as in Armenia, Brazil, Georgia, Ghana, Malawi, Nigeria, and Portugal, a multiagency institutional arrangement will prevail in which existing financial sector authorities such as central banks and other authorities with a prudential mandate become responsible for consumer protection for different bank and NBFI sectors.

Coverage

Nonbanks will often present the biggest challenge for the implementation of a financial consumer protection legal framework because, unlike banks, there is generally no single framework for their regulation. In the case of banks, it is common for the bank prudential supervisor to assume consumer protection responsibilities. However, in some countries, there may exist both a large number and a wide variety of nonbanks providing deposit and credit services. Some of these nonbanks may fall under the bank prudential supervisor, while others may fall under the remit of another financial sector authority or outside the remit of any prudential supervisor (for example, nonfinancial firms providing credit or financial cooperatives under ministries of agriculture or finance).

As stated in A1, all providers of deposit and credit products and services should ideally be covered by the financial consumer protection legal framework. Similarly, all providers should ideally also be under the remit of some type of authority with the power to enforce the financial consumer protection law (or laws). Where this is not possible, efforts should be made to at least bring nonbanks that present higher risks to consumers (such as large providers of consumer credit or large financial cooperatives) under the remit of a financial supervisory authority with a consumer protection mandate. Other authorities, such as general consumer protection agencies, are often focused primarily on the protection and safety of consumers regarding nonfinancial products and services, such as food safety, and may lack the power to license or register financial service providers or to conduct supervision or take enforcement action against non-compliance. Where other authorities do have supervisory powers, they will likely lack adequate expertise and resources to conduct supervision at a level similar to that of financial supervisory authorities.

Mandate and powers

Irrespective of which institutional arrangement is selected for financial consumer protection, it is important that the authority has a clear legal mandate and sufficient regulatory, supervisory, monitoring, investigatory, and enforcement powers to achieve its goals. For example, the authority should have enforcement powers over all providers of deposit and credit services within its remit, including those that are only registered and not licensed or supervised by it. (See A1.)

Addressing potential conflicts of interest

Attention is warranted to the potential conflicts of interest that could emerge between the consumer protection and the prudential functions when placed under the same authority, as will often be the case. For example, consumer protection supervisors may benefit from disseminating observed bad practices, including by naming and shaming individual providers. They also may disseminate the reasons for applying heavy fines for misconduct. Such publicity can potentially lead to improvements in the business standards of the concerned provider as well as its peers, who may try to avoid similar exposure. In contrast, prudential supervision is usually more secretive due to the sensitivity of the findings about a provider’s financial soundness, on which the public and, in particular, depositors rely.

These potential conflicts of interest are the primary justification for the separation and independence of the two functions, either by having separate authorities or by at least separating the functions internally within the same authority. As in prudential supervision, consumer protection should benefit from technical and legal independence, adequate budget and financing, and resources and an adequate level of authority to achieve its goals. One strategy to achieve these objectives is placing the consumer protection function at the same hierarchical level as prudential supervision and establishing different lines of reporting. This approach can help to minimize potential conflicts of interest, biased decision making, or inadequate resource allocation, and also allows for specialization of staff. This approach has been observed in many countries, including Armenia, Chile, Hong Kong, Malaysia, Portugal, and Singapore. When starting up a new authority or department dedicated to financial consumer protection, provisional arrangements can be used to address a short-term lack of capacity or resources, such as technical assistance from and joint inspections with prudential supervisors.

Intra-authority and inter-authority coordination

As clearly stated in Principle 2 of the G20 FCP Principles, establishing a good level of coordination and cooperation across different departments, whether under a single authority or across authorities, should be a priority. One example is the coordination mechanism established in the United Kingdom between the Financial Conduct Authority (FCA) and the Prudential Regulation Authority through a memorandum of understanding.14 A similar understanding was reached between the Australian Prudential Regulatory Authority and the Australian Securities and Investment Commission (ASIC).15 Coordination can cover, for instance, sharing of information and supervisory findings.

Coordination is also important between the financial consumer protection authority and other authorities relevant to financial consumer protection, such as the competition authority, the payments authority, and other sectoral authorities (insurance, securities). Competition is closely related to consumer choice and protection as well as financial inclusion, so it is important that authorities coordinate to monitor competition issues in retail markets or to take actions, particularly when the competition authority’s mandate extends to financial consumer protection, as is the case in Australia,16 Brazil,17 El Salvador,18 and Singapore.19

In addition, given the increasing convergence of telecommunications and information technologies and the financial sector, particularly in the supply of digital deposit and credit products via new channels, there is a growing need for coordination with the telecommunications regulator and related authorities. Mobile phone networks are increasingly important as a channel for financial services, and many consumer protection and competition issues may arise, particularly when mobile network operators compete for the provision of financial services. Examples of formal coordination in this regard include Ghana, India, Myanmar, Nigeria, Tanzania, and Zambia.20

Interacting with industry and consumer associations

Liaising with industry associations is an increasingly important practice, particularly in situations where unregulated NBFIs or nonfinancial firms provide deposit and credit services similar to those provided by regulated providers. The authority can issue nonbinding “guidelines” or liaise and cooperate with industry associations to use moral suasion as a means of implementing standards similar to those applicable to regulated providers. For example, the Central Bank of the Philippines has worked to implement standardized disclosure formats in the unregulated microfinance sector. The State Bank of Pakistan and the Securities and Exchange Commission of Pakistan coordinate with the Pakistan Microfinance Network on a range of issues with regard to microfinance providers. Industry-based initiatives can help to minimize the impact of regulatory and institutional gaps that stem from the existing legal framework for financial consumer protection. (See A6.) In order to encourage good practices in unregulated markets in particular, authorities may, for instance, work with industry bodies toward the development of assessment and certification tools that mirror the standards applied to regulated providers, or the adoption of internationally developed principles, such as those created by the Smart Campaign for the microfinance industry.

Finally, civil society, domestic and international consumer associations and advocacy organizations, and the media can help raise awareness of instances of malpractice by financial service providers to discourage misconduct. In the European Union (EU), there are consumer associations that deal with financial services; some even receive funding from the European Community.21 Like the European Community’s consultative bodies,22 the Consumer Financial Protection Bureau (CFPB) in the United States has also created consultative groups with the participation of consumer associations and other relevant stakeholders.

A3: REGULATORY FRAMEWORK

a. There should be a comprehensive regulatory framework that elaborates on the law to protect consumers of deposit and credit products and services.

b. At a minimum, the regulatory framework should include
  i. Disclosure and transparency;
  ii. Fair treatment and business conduct;
  iii. Data protection and privacy; and
  iv. Dispute resolution mechanisms.

c. Such regulations should be legally enforceable and binding on providers of deposit and credit products and services.

d. The regulatory framework can use a principles-based approach, a rules-based approach, or a hybrid approach.

e. The regulatory framework should be consistent, including across regulations issued by different authorities with respect to similar products and services.

f. Regulations should be written in a manner that minimizes ambiguity and the possibility of differing interpretations.

g. The formulation of regulations should involve consultations with a range of relevant parties.

h. Regulations should benefit from consumer research and behavioral economics.

i. Regulations should take into account international guidance and standards and benefit from research regarding the regulatory practices of other countries. However, model laws and other countries’ regulations should not be transplanted without customization to a country’s particular context.

Explanatory Notes

The financial consumer protection regulatory framework should be comprehensive in order to encompass the range of consumer protection topics relevant to retail deposit and credit products and services offered by various types of bank and nonbank providers. However, for practical purposes, if a country lacks a comprehensive regulatory framework and the authority faces resource or other constraints in promulgating new regulation, a phased approach can be utilized in which topics and provider types are prioritized according to the most pressing issues observed in the particular country, while longer-term plans are made for the gradual improvement of the regulatory framework.

Regulations should be written in a manner that minimizes ambiguity and the possibility of differing interpretations to provide certainty for providers, supervisors, and the general public; facilitate compliance and enforcement; and reduce the regulatory burden on providers. The overall regulatory framework should be consistent, so priority should be given to harmonizing different regulations if needed, including regulations for similar products and services issued by different authorities.

Rule making should follow a consultative process. There should be active engagement with industry and consumer associations, if relevant, either through permanent consultative groups (see A2) or ad hoc consultation during each regulatory reform. Studying examples of regulatory approaches in other countries, as well as model regulations and laws, can assist in the rule-making process. However, transplanting regulations or model laws/regulations from one jurisdiction to another is likely to be ineffective and inappropriate; each country context will require a different and tailored approach.

Given the rapid expansion of digital financial services worldwide, it is crucial that authorities make efforts not only to cover all the topical areas of consumer protection as listed in clause A3(b), but also to ensure that such protections apply to and, if needed, are adapted for the unique aspects of digital financial services, both to allow for innovation as well as to protect consumers from new risks. For example, existing regulation may need adjustment to ensure that protections are clearly extended to consumers using digital channels and agents. (See C7.) Regulation that requires paper-based disclosures or in-person interactions between consumers and providers may also need reforms to accommodate remote interactions and the use of agents. Digital credit, which often relies heavily on automated credit decisions based on alternative scoring models and can involve new types of providers, may require particular attention from authorities to ensure that regulations appropriately protect consumers of digital credit—for example, with respect to data protection and privacy.23 In addition, regulation should ensure that providers of digital finance keep records of consumer transactions, marketing materials, and other forms of disclosure; have such records available for the supervisor; and provide copies to consumers upon request. Lastly, good practices for retail payment services, such as clear rules for providers to reverse mistaken transactions in a timely manner, are crucial in responsible digital financial services. (See annex A, “Retail Payment Services.”)

Whenever possible, rule making should incorporate the findings of consumer testing and research to ensure that regulations produce the desired results. For instance, the Central Bank of the Philippines, the National Commission for the Protection and Defense of Users of Financial Services (Condusef) in Mexico, the Bank of Ghana, the Central Bank of Rwanda, and the National Bank of the Kyrgyz Republic have all tested proposed new disclosure formats such as key facts statements (KFSs) to assess their usefulness to consumers.24 New findings from the application of behavioral economics to financial regulation can also contribute to building a more effective regulatory framework. The CFPB in the United States, the FCA in the United Kingdom, and ASIC in Australia have all taken behavioral research into consideration when designing or reforming regulation.25

Regulation (as well as laws) should take into account guidance and knowledge produced by international organizations such as FinCoNet, the OECD, the Financial Stability Board (FSB), and the BCBS. With respect to digital financial services, the recommendations of the Consumer Experience and Protection Working Group, part of the broader ITU-T Focus Group on Digital Financial Services, are also useful.26

A4: SUPERVISORY ACTIVITIES

a. Consumer protection supervision should be risk-based to optimize the use of supervisory resources and increase effectiveness.

b. Supervision should be comprehensive, proactive, and mostly forward-looking, aimed at identifying emergence of poor practices.

c. The authority should collect and use high-quality and timely data, including data reported by providers in a standardized, electronic format.

d. The planning of consumer protection supervisory activities should be conducted on a regular basis within a documented framework and following a set process.

e. Supervisory procedures should be based on specialized supervision manuals to ensure standardization and consistency.

f. The authority should deploy an adequate range of supervisory tools and techniques, such as market monitoring, off-site and on-site inspections, and thematic reviews.

g. Although it may play a role in facilitating the resolution of individual consumer complaints, the authority should focus primarily on regulatory and supervisory activities.

h. The authority should evaluate its supervisory approach, tools, and techniques, as well as supporting information systems, on a regular basis, to enable its staff to assess institution-specific and market-wide risks effectively.

i.
Supervisory staff should meet high professional standards and have sufficient knowledge and appropriate expertise and training to carry out financial consumer protection supervisory activities.

Explanatory Notes

Risk-based and forward-looking

To optimize the use of scarce resources, financial consumer protection supervision should strive to be risk-based, with prioritization of riskier consumer issues and providers. A risk-based consumer protection supervisory system follows the same basic concepts as risk-based prudential supervision, such as the concepts of inherent risk and risk mitigants. However, consumer risks are intrinsically different from prudential risks, and the criteria for prioritization of providers and topics for supervisory purposes will also differ. There are many possible methodologies, such as the “Treating Customers Fairly” framework used by the United Kingdom’s FCA and the Hong Kong Monetary Authority.27

It can be helpful to take a forward-looking view by identifying emerging and potential future risks stemming from current market practices and trends and taking supervisory actions to avoid materialization of, or to minimize, such risks. ASIC in Australia, FCA in the United Kingdom, and the Authority for the Financial Markets in the Netherlands all include forward-looking risk analysis in their business plans, with identification of priority areas of action for the next year or so.

The emergence of new types of business models and nonbank providers of deposit and credit products and services that have different systems, risk cultures, governance, commercial strategies, and internal processes may require revaluation of institutional risk mappings compared to the risk mapping of traditional banking businesses. New strategies, technologies, business alliances, and outsourcing arrangements in disaggregated value chains may also be used by banks, which may change their consumer risk profile. For instance, banks and other providers may rely extensively on retail agents and agent network managers to deliver their services, so supervision needs to account for the consumer risks arising from the use of agents and how the provider manages and supervises these outsourced parties.28 Attention should also be given to the impact of new technologies on consumer risks. For example, the use of automated decision making through artificial-intelligence applications to offer consumer loans or give financial advice may require adaptations in the risk-based model or in auditing techniques.

Quality and timely data

Quality data are essential for a cost-effective, risk-based, and forward-looking supervisory system. The core of supervisory data is the data reported by providers on a regular basis. The authority should outline a detailed data needs/frequency map linked to its supervisory objectives and determine the specific uses that each data point will have. Bank and nonbank providers should be required to assign an official responsible for the quality and completeness of regulatory reporting. Quality data also require standardization and electronic formats, following common definitions determined by the authority—for example, the definition of complaints versus enquiries.

Many authorities are also expanding their data-collection systems to add a broad range of unstructured data, such as “big data” (including data available internally at the authority, such as documents analyzed during licensing). This is becoming increasingly possible by leveraging regtech solutions. Data useful for financial consumer protection supervision can also include other sources beyond regulatory reports, such as information publicly available on the Internet about deposit and credit products and services, such as consumer model agreements and price tables, or complaints data from alternative dispute resolution (ADR) schemes for the financial sector.

In many countries, collecting quality data on an ongoing basis through regulatory reports may pose a practical challenge due to inadequate management information systems at financial service providers and at the authority as well.29 Nonbanks may present particular challenges in this area. For instance, small financial cooperatives and MFIs may be only partially computerized and may be unable to produce regulatory reports in an automated manner. Although, in theory, all regulated providers should have systems to produce quality regulatory reports, given the varying levels of sophistication to be found in nonbank sectors, the authority may need to take a gradual approach. In the first stage, the focus could be on introducing a computerized reporting system and imposing reporting requirements for a more limited range of data (for example, standardized consumer complaints statistics) covering only a few types of major providers, such as banks and large NBFIs. Over time, the system for collecting quality data can be expanded and improved. Regtech solutions can help supervisors address challenges and speed up this process.

To obtain data from unregulated/unlicensed markets, the easiest option would be to require financial service providers to register with and regularly report to the authority. When this is not possible, the authority may consider leveraging data already collected by other organizations, such as industry associations, or request industry bodies for their collaboration to collect data on an ad hoc or regular basis.

Supervisory tools

The authority should use a tailored mix of supervisory tools and techniques, which could include market monitoring, off-site and on-site inspections, thematic reviews, and research and mystery shopping. Off-site tools are particularly important, as further described below. The authority should also strive to check the quality of data reported by providers through off-site and on-site consistency and integrity checks.30

One supervisory tool that is used more often in consumer protection than prudential supervision, and that provides important insights about industry practices in a relatively cost-effective manner, is thematic reviews. Thematic reviews are assessments or studies of a particular issue, such as internal complaints handling, account-switching procedures, or a specific type of sales channel, across a sample of providers. Thematic reviews can be effective in highlighting cross-cutting consumer protection issues and allowing authorities to formulate and disseminate good practices specifically to address such issues. Particularly in countries where a principles-based approach to the regulatory framework is employed, dissemination of good practices can clarify the authority’s expectations about the implementation of the regulatory framework where regulatory requirements are not explicit. Such dissemination can occur through workshops and meetings with the industry.

Another supervisory tool more specific to financial consumer protection is mystery shopping,31 which is used by authorities in Malaysia, Singapore, Portugal, the United Kingdom, the United States, and other countries to identify problems arising during the interactions between providers and consumers. It can even be a joint effort by multiple authorities, such as in the case of mystery shopping on banks’ sales practices conducted by the Hong Kong Monetary Authority and the Securities and Futures Commission in 2011.32

Supervisory activities

In general, supervision should be comprehensive. It should include a range of relevant consumer issues and a broad range of activities to address those issues. Application of activities will vary in intensity according to each provider’s complexity and size. Activities may include the following:

• Assessing business practices and their relationship with the provider’s governance structure, corporate culture, revenue and growth model, risk management structure, internal controls, as well as staff and executive compensation policies

• Scrutinizing the main products and services throughout the product cycle (research, design, marketing, sales, contracting, and post-sales)

• Assessing the effectiveness of internal complaints-handling mechanisms, including how the analysis of complaints statistics is used at the corporate level to improve practices, products, and services on an ongoing basis

• Assessing the level of compliance with legal and regulatory requirements

• Assessing the level of compliance with the provider’s own policies and possibly with industry self-regulation or codes of conduct

• Assessing the role and impact of the most relevant third parties involved in service design and delivery, or consumer interaction functions, such as agents and sales consultants

• Requiring proportionate corrective or preemptive measures or improvements by financial service providers in a timely manner

Supervisory coverage and strategic use of resources

Given that supervisory resources are often scarce, supervision of large numbers of nonbanks will need to be strategic and focused (in addition to being risk-based). A number of strategies can be employed. For example, the authority can use a tiered approach for institution-focused supervision: low-risk (small) nonbanks can be subject to reactive supervision—that is, action can be taken only when a problem or instance of non-compliance is spotted by whatever means, including the media, self-assessments, and consumer reports, while larger or riskier nonbanks can be subject to ongoing and preemptive supervision. The Korean Financial Services Commission registers all MFIs and monitors the industry as a whole but does not supervise them individually on an ongoing basis. Similarly, the FCA in the United Kingdom does not conduct active supervision of all 73,000 regulated firms. Rather, most firms are subject to reactive supervision and thematic evaluations only.33 Other strategies and tools that can be useful include mandating that providers conduct and report self-assessments of regulatory compliance regularly and report material breaches immediately.

Another potential model for supervision of numerous small financial service providers is the “auxiliary supervision” model, in which industry bodies are legally required to assume some supervisory role under the oversight of the responsible authority. This model is more commonly found in supervision of financial cooperatives, although experience has been mixed. In any type of supervisory approach taken for small and numerous financial service providers, the authorities should look for opportunities to leverage industry-based tools or initiatives that could reflect the supervisory methodology adopted for other types of service providers, such as client-protection certifications or risk assessments.

When supervising large numbers of nonbanks, off-site work such as market monitoring, firm-specific off-site assessments (including self-assessments), and off-site thematic reviews should generally be prioritized. On-site work should be employed selectively and strategically, based on intelligence gathered off site about the provider’s risk profile and market conditions.

BOX 1
Financial Consumer Protection Supervision of NBFIs in Brazil

The Conduct Supervision Department of the Central Bank of Brazil has developed an off-site methodology and system to assess the regulated NBFI sector (and small/medium banks) remotely, covering the most important topics in consumer protection and anti-money laundering/combating the financing of terrorism. For this assessment, some data are collected from individual financial service providers on an on-demand basis, to complement data gathered on an ongoing basis, such as consumer complaints and financial data. In addition, the Central Bank’s communications department makes a daily clipping of all news related to the financial sector, including NBFIs, which is closely followed by those in the Conduct Supervision Department. On-site activities are performed only when high risks are identified as a result of the off-site review and monitoring.

Complementary actions such as engaging actively with the media and consumer associations and other third parties can be used by authorities with limited resources to further their supervisory objectives by disseminating supervisory activities, broadcasting supervisory findings, highlighting good and bad practices, and clarifying supervisory expectations. (See A7.) As noted earlier, disseminating good and bad practices identified in thematic reviews can help the authority achieve its supervisory objectives without draining resources.

Many supervisory authorities directly facilitate complaints and enquiries from consumers. Usually, the authority refers the consumer complaint to the provider for resolution (as opposed to being directly involved in resolution) and may monitor the process, including assessing the quality of the final response to the consumer. While the resulting complaints data may be useful as an input to supervision, playing a role in the resolution of individual consumer complaints can often take up significant staff resources and time. If the authority has sufficient resources and chooses to facilitate complaints handling, this function should be separated from supervision to avoid draining specialized supervisory resources. Complaints handling does not replace the need to establish a strong consumer protection supervisory function. It should also be clearly understood that the authority’s role in facilitating consumer complaints does not substitute for the requirement for service providers to have their own internal complaints-handling mechanisms, whose effectiveness should be one of the priority areas of supervisory scrutiny.

Staff assigned to financial consumer protection supervision should receive adequate training and be duly qualified to carry out supervisory activities. It is common to assign former prudential supervisors to newly created financial consumer protection authorities or units, given their supervisory skills. However, even experienced prudential supervisors will require specific training and specialization to effectively shift mindsets from a prudential focus to a consumer protection perspective.

A5: ENFORCEMENT

a. The authority should have clear powers to negotiate and impose preemptive and corrective measures in the course of its supervision to address non-compliance and instances of misconduct.

b.
The authority’s enforcement powers and tools, and its actions taken against financial service providers, should create a credible threat of enforcement against lack of compliance with the legal and regulatory framework.
c. The authority should have an adequate range of enforcement powers and tools to allow it to investigate and address various situations adequately.
d. The authority should strive to be gradual, proportionate, timely, and consistent in the application of its enforcement powers.
e. There should be effective coordination between the areas (or authorities) responsible for supervision and those responsible for enforcement, including relevant enforcement agencies.
f. The authority should have the power to refer cases to the judiciary as well as to other agencies for civil or criminal action.

Explanatory Notes

With regard to weaknesses and minor breaches or misconduct found in the normal course of supervision, the supervisory authority should have sufficient powers to require timely corrective measures or preemptive improvements in business practices, processes, or products. Imposing corrective measures should involve requiring a time-bound corrective plan agreed upon with the financial service provider. Implementation of the plan should then be monitored by supervisors. If practices and breaches continue and the corrective plan is not implemented, the supervisor may consider use of its enforcement powers, following a proportionate and gradual approach advocated in these GPs.

The credible threat of enforcement is an important tool to deter poor business practices that hurt the interests of consumers, and to help promote a culture of change in financial service providers. Providers must believe and expect that the authority will take proportional and timely action against non-compliance with financial consumer protection laws and regulations. A credible threat is usually not possible without a clear mandate in law and regulation regarding financial consumer protection and appropriate procedures to use enforcement tools (see A2[b], above). Many countries may need to undergo legal reforms to ensure that the authority is endowed with the appropriate mandate, powers, and tools for enforcement.

Enforcement tools are called different names and vary widely across countries, and may include the following:
• Cease-and-desist orders
• Reprimands, such as confidential caution or reprimand letters, reprimand meetings with the authority, or public reprimand notices
• Enforceable undertakings—that is, the power to apply an enforcement measure such as a fine in case an action agreed upon between the supervisor and the provider in a binding document is not implemented by the provider within an expected timeline
• Suspension or withdrawal of a product or advertising material
• Fines
• Suspension, dismissal, or replacement of management or staff
• Imposition of conditions or restrictions or suspension of a regulated activity
• Imposition of conditions, restrictions, or cancelation of registration or license to operate
• Disqualification of management to carry out regulated activities
• Compensation and refunds to affected customers

If enforcement takes too much time to be implemented, is not taken against certain providers (for instance, due to political pressure), or is too light (for example, low maximum fines established by law), the authority’s credibility can be damaged. In such circumstances, the danger is that providers may conclude that the potential benefit of misbehaving or not treating consumers fairly is higher than the potential damage of enforcement. Lack of flexibility in the legal framework (for example, if it imposes unduly harsh penalties for most situations) may inhibit the authority from starting enforcement actions. Laws and regulation that are too detailed or prescriptive in their description of enforcement—for example, by listing all situations that could be considered a breach of the law or regulation and the corresponding enforcement action—give little room for needed flexibility.

Being gradual, proportionate, timely, and effective requires that the authority have available a range of enforcement tools, as well as a conducive organizational structure and set of procedures to facilitate use of the appropriate tool for the particular occasion. The law should give the authority the necessary flexibility to use enforcement tools in a gradual and proportional manner, taking into account variables such as:
• The seriousness of the detected infringement or breach
• The potential or actual damage to consumers
• The revenues or benefits resulting from the infringement/breach
• Information offered by the financial service provider with respect to the infringement, such as whether contradictory or false information has been given
• Whether the financial service provider is subject to supervision, or only monitoring or registration
• Whether previous similar breaches were detected and have already been subject to corrective measures or enforcement actions in the past

While the authority should aim to be consistent in adopting enforcement measures across different types of providers, it may decide—law permitting—to have a tiered system in which the breaches of less intensively supervised entities result in relatively stricter enforcement actions as a means of deterrence.

Unduly slow or inadequate internal procedures can also affect the effectiveness and timeliness of enforcement—for example, requiring clearance from the highest level of the authority or requiring the same formalities for every enforcement action regardless of the gravity of the situation. In addition, in order to avoid the costs and time involved in full, formal enforcement, the authority should have the power to adopt summary proceedings when appropriate that end in settlement agreements with financial service providers. As an illustration, while the Central Bank of Brazil is required to go through a full administrative procedure subject to appeal to apply a maximum penalty of only about US$100,000, the Central Bank of Ireland can apply fines up to 10 percent of a firm’s turnover through a summary procedure. The United Kingdom’s FCA is transparent about prioritizing settlement agreements over full, formal enforcement procedures.34 Both Ireland and the United Kingdom encourage early resolution of cases by offering a discount to the proposed settlement value.

A6: CODES OF CONDUCT AND OTHER SELF-REGULATION

a. The legal and regulatory framework should allow for the emergence of self-regulatory organizations (SROs), including industry associations.
b. Providers of deposit and credit products and services that are unregulated with respect to consumer protection should be encouraged to design, adopt, disseminate, and enforce codes of conduct (COCs) or other types of self-regulation (although this should not be viewed as a substitute for regulation).
c. Self-regulation related to financial consumer protection adopted by regulated providers of deposit and credit products and services should be created in consultation with the relevant authority.
d. COCs and other self-regulation should be written in plain language and without industry jargon to ensure that consumers and providers can understand them easily.
e.
COCs and other self-regulation should be publicized and disseminated widely, so that they are known to consumers.
f. To the extent possible, the authority should take actions to encourage or check compliance by providers with self-regulation and should use self-regulation when evaluating a provider’s conduct.

Explanatory Notes

COCs and other types of self-regulation by SROs such as industry associations should be encouraged, particularly for nonregulated providers of deposit and credit products and services. Such COCs should be updated as needed to follow market developments, such as the digitization of financial services. Although it cannot be considered an alternative to regulation, self-regulation can potentially help to promote minimum consumer protection or conduct-of-business standards that can be similar to, or even stricter than, existing regulatory standards. Self-regulation can also be issued with respect to regulated providers, imposing additional obligations on them. To the extent possible, self-regulation should be developed in consultation with the authority.

In India, regulated NBFIs are required to abide by COCs issued by SROs and recognized by the Reserve Bank of India. Similarly, in Hong Kong, authorized institutions are required to comply with the Code of Banking Practice issued by industry associations and endorsed by the Hong Kong Monetary Authority.35 In the code, it is specifically noted that the principles of the code apply to any subsidiaries or affiliated companies of regulated institutions providing banking services, even where such entities are not licensed or regulated by financial sector authorities. Banks in the Philippines,36 South Africa,37 and many other countries also have COCs issued by their respective industry associations. Other examples include COCs issued by international associations, such as the International Factoring Association, the World Council of Credit Unions, and the Smart Campaign and its Client Protection Principles.

However, experience with self-regulation in many countries has not always been encouraging. The main reasons for this include lack of capacity, resources, and expertise; conflicts of interest; limited membership; and lack of enforcement powers by the SRO. To address these common weaknesses, mechanisms for improving compliance with, and effectiveness of, self-regulation should be encouraged by authorities. Possible actions to address this issue include the following:
• The authority approves and/or endorses the self-regulation.
• The self-regulation is submitted to an independent external evaluation.
• Compliance with the self-regulation is monitored by the authority with respect to regulated providers, or the self-regulation is partially or entirely incorporated into the supervisor’s own risk-based supervisory methodology.
• The self-regulation is widely disseminated to the general public by the SRO, the financial service providers who have committed to it, and the authority.
• The self-regulation is disseminated and made available to consumers by each financial service provider during consumer interactions.
• The SRO is vested with powers to check compliance of each member provider with the self-regulation (or commission an independent evaluation), disseminate the results, and impose sanctions in cases of non-compliance.
• All members of the SRO are obliged by the internal rules of the SRO to comply with the self-regulation.
• The providers periodically report implementation of the self-regulation to the SRO and to the authority.
• The SRO produces and disseminates annual reports on the implementation of the self-regulation, highlighting areas of non-compliance.
• Consumers are allowed to file complaints against providers (including in external dispute resolution mechanisms) for failing to abide by any provision of the self-regulation.

A7: DISSEMINATION OF INFORMATION BY THE AUTHORITY

a. The authority should make readily available to the general public, at no cost, minimum relevant information to help it achieve its statutory goals and increase its transparency and accountability. This information should ideally include
i. A clear description of its regulatory and supervisory mandate and remit, and the role of other authorities, if applicable, as well as whether any providers of deposit and credit products and services are not covered by any authority with regard to consumer protection;
ii. Its annual reports with statistics about supervised sectors and a description of its supervisory objectives and supervisory activities undertaken in the past year;
iii. A list (or access to a database) with all registered/licensed providers of deposit and credit services, and their regulatory/supervisory status; and
iv. Laws and a compilation of all regulations on financial consumer protection.
b. Resources permitting, the authority should strive to publish additional information that can help to achieve its objectives, such as aggregated statistics on consumer complaints or examples of supervisory findings and enforcement actions.
c. To the extent possible, the authority should coordinate with a variety of stakeholders, such as industry and consumer associations, the media, and other government agencies, to increase the reach of the information it disseminates.

Explanatory Notes

Disseminating information is important to increase supervisory effectiveness in financial consumer protection and to provide additional tools to assist in consumers’ decision making. Publicizing information may be even more important with regard to NBFIs and nonfinancial firms, as these are more diverse sectors—that is, more types of financial service providers offering more types of deposit and credit products—some of which are operating in a fast-changing environment, which may make it difficult for the public to access updated information.

This GP lists potential types of information that should have priority in being publicized by the authority. Dissemination should occur by means of the authority’s website, although newspapers, social media, and other channels may be used as well. The range, depth, and complexity of information to be published, and the channels and materials used, will depend on the resources available to the authority, although it should strive to disseminate on its website at least the items listed under clause A7(a), above, as digital channels are lower-cost and potentially have greater reach.

Compiling financial consumer protection laws and regulations in a single document or online location is of fundamental importance. The Association of Supervisors of Banks of the Americas has found that it is difficult to have a full picture of the regulatory framework for financial consumer protection in its member countries, as these frameworks are often highly fragmented and not compiled or described in a single place.38 This can often be the case in many other regions as well. A helpful example can be found in Colombia, where the financial supervisory authority maintains a compilation of all current regulations imposed on banks and NBFIs, including consumer protection rules, in a single document known as the Single Banking Circular.39 In the United Kingdom, the FCA’s webpages not only explain the regulatory and supervisory framework applicable to regulated firms in different sectors (for example, consumer credit)40 but also provide sourcebooks summarizing such frameworks.

For the benefit of consumers and the general public, and in line with international standards set for prudential supervisors, the authority should publish a list of all registered and licensed providers of deposit and credit products and services and keep it updated. Resources permitting, the list should have links to the websites of each provider, as is the case with ASIC’s online register,41 the Bank of Portugal’s list of authorized entities,42 and the register of credit providers kept by South Africa’s National Credit Regulator.43

For the sake of transparency and accountability, the authority should publish annual reports with a summary of its regulatory, supervisory, and enforcement work. For example, the Banking Conduct Supervision Department of the Bank of Portugal publishes biannual reports on market conduct supervision, reports on market monitoring and complaints, and even impact evaluation reports on some key regulatory measures.44 Annual reports may also highlight the performance of providers in complying with the legal and regulatory framework for financial consumer protection.

If resources and data availability permit, the authority may also consider publishing a wealth of additional information, such as:
• Warnings about recent fraudulent schemes or major problems faced by consumers
• Analytical sectoral reports
• Tips for choosing between different products and services
• Fees and charges calculators
• Comparative information on fees and prices of the most common retail products

Publishing aggregated consumer complaints statistics generated by internal complaints handling units at providers and external dispute resolution mechanisms, and related analyses, such as emerging consumer issues in certain sectors and trend analyses, may help the authority improve its effectiveness in increasing awareness among consumers and have a deterrent effect on providers. Examples include the complaints database/statistics published online by the CFPB in the United States,45 the Central Bank of Brazil,46 and Mexico’s Condusef.

Publicizing supervisory findings and enforcement actions, including settlement agreements, may have a deterrent effect and encourage better practices by providers. It also helps to increase supervisory accountability and manage public expectations with regard to the authority’s approach, particularly with regard to less intensively supervised or unsupervised nonbanks. Mexico’s Condusef publishes enforcement measures, as does the Central Bank of Ireland,47 the Monetary Authority of Singapore,48 the FCA in the United Kingdom,49 and the CFPB in the United States.50 The Authority for the Financial Markets in the Netherlands also publicizes its enforcement and corrective actions on its website.51

Examples of tools to facilitate consumer choice and other general descriptions of consumer rights can be found in the web portals of Peru’s Superintendence of Banks, Insurance, and Pension Funds,52 the Malta Financial Services Authority,53 the Bank of Portugal,54 the Central Bank of Armenia,55 and many other authorities. Further examples can also be found in the effective approaches to support the implementation of Principle 4 of the G20 FCP Principles.56

B: DISCLOSURE AND TRANSPARENCY

B1: FORMAT AND MANNER OF DISCLOSURE

a. Any advertisement, sales material, or other form of communication or disclosure by a financial service provider to a consumer (whether written, oral, or visual) should be in plain and easily understandable terms, not misleading, and should use at least the language that is prevalent in the geographic area in question.
b.
Any written communication (including in electronic formats) should use a font size, spacing, and placement of content that makes the communication easy to read for the average person.
c. Key documents such as consumer agreements, forms, receipts, and statements (including those provided in electronic format) should be provided in a written form that can be kept or saved by the consumer.
d. Written, oral, and visual communications should contain and highlight key features of a given product or service.
e. The regulatory framework should establish the timing of key disclosures to the consumer, particularly during the shopping, precontractual, and contractual stages.
f. Standard indicators for total cost and total net return, and standard methodologies for the calculation of such indicators, should be established by the authority in order to ensure consistency across providers and enable consumers to compare products properly.
g. Adaptations to regulatory requirements should be considered to allow for innovation in product design and delivery with respect to digital financial services, while mitigating potential risks to consumers due to disclosures that may be less comprehensive, more difficult to read, and harder to store.
h. In addition to key product features, communication materials should, whenever possible, disclose
i. The regulatory status of the financial service provider;
ii. The contact information for the internal complaints handling mechanism of the financial service provider; and
iii. The contact for the relevant external dispute resolution mechanism, if any.

Explanatory Notes

The format and manner—including timing—of disclosure are as critical to achieving transparency as the content of disclosed information. Disclosure often becomes ineffective due to factors such as small font sizes, convoluted language, and an excess of information. In most instances, less is more. Attention to the format and manner of disclosure is also relevant for oral, visual, and electronic communications. In addition, it is important that disclosures are made at the appropriate time to be of use to the consumer, especially during the shopping stage as well as right before a consumer agreement is signed. It is also crucial that regulations governing the format and manner of disclosures to consumers are applicable and adapted to digital financial services. The same general principles should apply for both paper-based and electronic documents, though policy makers will need to consider adaptations necessary for digital financial services. This GP applies across all means and types of disclosure and communication between financial service providers and consumers, including in contracts, forms, statements, receipts, or any other communication, whether printed or electronic or delivered by telephone, radio, or TV or in person, and is relevant to B2–B6, below.

Plain language

The need to use clear, objective, and simple language cannot be overemphasized with respect to basic retail deposit and credit products and services. In South Africa, the National Credit Act stipulates that documents must use “plain language”—that is, language for which “it is reasonable to conclude that an ordinary consumer of the class of persons for whom the document is intended, with average literacy skills and minimal credit experience, could be expected to understand the content, significance, and importance of the document without undue effort.”57 Understandable language requirements are important for all consumers, but particularly for those who are inexperienced in the financial sector, have low incomes or low literacy, and often face additional challenges in understanding what is being communicated to them. Where the use of technical terms is necessary, such as when describing more complex products, such terms should be explained in a comprehensible manner for the average consumer.

Highlighting/standardizing disclosure of key features

Disclosures and communications should give prominence to such key features of a product/service as price, risks, return, amounts due, and access conditions and restrictions to induce the consumer to pay attention to such features and, if needed, seek further clarification with the staff or agent of the financial service provider. In written documents, key terms and conditions can be highlighted by using differentiating format such as font size and bold font, as well as placement. When communication is displayed in the facilities of the financial service provider or other related entities, it should be displayed conspicuously and in large enough size to make it easy for the consumer to see—for instance, displayed next to the entrance or cashiers, or in front of a waiting area.

Disclosure of key features for the most common deposit and credit products and services, such as consumer and microfinance loans and savings and checking accounts, should be standardized by regulation to permit easy comparison across different financial service providers. This could include, for instance, common nomenclature for basic services regarding checking and savings accounts that are subject to fees.

Consideration should also be given to standardized methods for price disclosure that will work most effectively for target clienteles, particularly those that are more vulnerable. For instance, many middle- to low-income consumers may more easily understand prices that are disclosed as a monetary value—for example, as a monthly loan installment or the total cost of the loan, a more tangible, relatable figure for many than rates such as annual percentage rate (APR). However, APR and other rates can and should complement the monetary value, as APR is more comparable across providers and may be useful to some consumers for purposes of comparison shopping (as well as for other positive externalities, such as increasing competition and transparency across providers within a market). As a result of focus groups and broad consultations, the financial regulator in Peru has imposed standard methodologies for price disclosure for loans, savings accounts, and insurance that provide rates—that is, APR—along with such monetary values as the monthly loan installment payment with respect to a standardized total loan value.58 Some jurisdictions have also been working to develop comprehensive cost indicators that summarize the overall annual indicative cost of a transaction account.59

Regardless of the methodology, it is important that the standardized price disclosure reflects the total cost of a product or service, so that consumers understand the all-inclusive cost of the product or service and do not end up paying more than what has been advertised. The same principles apply for net return in the case of savings products, so that consumers understand the full benefits of the product. The standardized formula for calculating total cost should include all known up-front and recurring charges, rates, fees, and the costs of embedded third-party products and services, such as credit life insurance premiums, over the life of the product or service.

Depending on the circumstances, key features of a product or service may be better conveyed orally. For instance, it is common practice among many MFIs to arrange informational meetings with groups of consumers during the precontractual stage to explain payment schedules, cost of loans, and how group guarantees operate. For consumers with low levels of literacy or familiarity with financial terminology, oral communication may be particularly important during the precontractual stage, during the signing of the contract, and whenever requested by the consumer, particularly for product features that may be difficult to understand. Examples of such features include mandatory savings, compulsory credit life insurance, and the consequences of late repayments.

Form and format

Long, detailed agreements can be challenging and overwhelming for most consumers. In line with Principle 4 of the G20 FCP Principles, it is recommended that in instances where customer agreements are more than several pages long, such agreements should be accompanied by a KFS highlighting the main features. (See B5.) Likewise, the ITU-T Focus Group Digital Financial Services recommends that providers of digital financial services use a KFS in the beginning of contracts and through other means.60 Conversely, terms and conditions should ideally not be so scattered across multiple documents that the ability of the consumer to understand the product is impaired. Preferably, key information should be provided in a consolidated fashion, while supporting or complementary information should be made easily accessible.

Regulatory requirements on format and manner of disclosure, including for sales and advertisement materials, should be flexible enough to be adapted to different delivery channels. For example, a minimum font size for a marketing leaflet will differ from an acceptable font size for a TV commercial. With regard to oral, visual, and electronic disclosures, particular attention is required to avoid disclosure becoming meaningless. This can readily happen when radio or TV advertisements convey required disclosures in an extremely fast manner that is nearly impossible for any consumer to understand. Any animated visual or oral prerecorded communication should therefore be required to provide information at a reasonable speed or for a reasonable period of time to allow the consumer to listen to or read it with ease. Consideration will also be needed for consumers with disabilities, such as the sight or hearing impaired.

The timing of key disclosures and communications should also be addressed by regulation. Providers should be required to provide key information early in the shopping and precontractual stage in order to ensure that such information does not arrive too late in the decision-making process to be utilized by consumers. For example, Bank Negara Malaysia (BNM) conducted a study on the effectiveness of product disclosure sheets and found that in many cases, disclosure sheets were provided to consumers only after a decision had already been made to purchase the product, negating its intended impact. The Competition Authority of Kenya has mandated that all digital credit products make key disclosures about terms and conditions (including the cost of bundled products) prior to the “signing” of the loan agreement. The EU Consumer Credit Directive61 requires that lenders provide information on the essential features of the product being offered “in good time” before an agreement is entered into. The precise time period may depend on the circumstances of the transaction, but the intent is to give consumers adequate opportunity (in a nonpressurized setting) to consider disclosed information before deciding to enter into an agreement.

Digital financial services and electronic channels

In general, the regulatory framework should allow for disclosures in electronic format. In some cases, this may require specific regulatory reforms. The question of whether a printed document is the default form for disclosure—that is, whether the consumer needs to opt in to receive electronic documents rather than hard-copy documents—will vary from country to country and according to product types and their main delivery channels. In some instances, such as with respect to the vast majority of digital credit and electronic deposit products in developing and emerging countries, electronic disclosure is the default format in practice.62

Disclosure requirements should not form undue barriers to ethical and healthy innovation in product design and service delivery, though policy makers will need to consider what unique challenges may arise with respect to digital financial services. For instance, short message service (SMS) messages are being used as transaction receipts in many countries where mobile money is offered and linked to deposit accounts or loans. Although usually more difficult to read and understand than a paper-based receipt, they should not be considered invalid as a result. Similarly, digital credit introduces particular challenges for effective disclosure, as noted by the ITU-T Focus Group Digital Financial Services,63 such as regarding the content and timing of electronic disclosure. The concept of less is more is particularly important for digital financial services, where information is often displayed on small mobile phone screens. For example, it may not be feasible or appropriate to view a loan agreement via mobile phone.

Policy makers will need to balance policy objectives to allow for innovations that benefit financial inclusion while maintaining adequate protections for consumers utilizing digital financial services. In particular, policy makers should consider in which circumstances consumers may be put in a weaker position when disclosures are made in electronic formats that are less comprehensive, more difficult to read, and/or cannot be saved, and consider what adapted requirements may help mitigate or safeguard against consumer risks. For example, where fulsome disclosure is not feasible at the first instance via electronic channels, providers could be required to provide access to more comprehensive written materials at a later stage, perhaps by sending a fuller set of terms and conditions to the customer’s mailing address or making them available online or at a physical outlet. A cooling-off period could be applied in the interim. (See also C5, “Customer Mobility.”) Complementary regulatory requirements could also be considered regarding recordkeeping for digital transactions, including transaction receipts and other documents that can be provided upon request to customers and used to support disputes, as well as regarding transaction reversibility (further discussed in annex A, “Retail Payment Services”).

With respect to products offered via mobile phones, policymakers may also wish to consider the appropriate design of user interfaces, an issue that also relates to product design (see C4, “Product Suitability”). The design of user interfaces for both smartphones as well as basic feature phones can greatly affect the ability of consumers to access and understand key information, as well as to use key features of a product or service. To the extent possible, user interfaces should therefore be designed to be clear, user-friendly, and intuitive.

Costs to providers

Disclosure requirements should also be sensible to avoid excessive cost to providers with little or no appreciable benefit in terms of consumer understanding. For instance, in South Africa, it was determined to be impractical to require that all disclosure documents be prepared in all local languages. Rather, the law requires that consumers receive documents in an official language that the consumer can read or understand, to the extent it is reasonable to prepare such documents in terms of expense, regional circumstances, and the needs and preferences of target customers of the provider.
Consumer testing

As with many other types of regulation (see A3), rules on the form and content of disclosure should benefit from consumer testing through focus groups and interviews, so that they are designed to be as effective as possible.64 Consumer behavior research can provide important insights as to the effectiveness of certain disclosure formats and channels regarding their impact on consumer decision making, including research aimed at testing effectiveness for products used by particularly vulnerable consumer segments—for example, loans targeting pensioners, student loans and accounts.65

B2: ADVERTISING AND SALES MATERIALS

a. In addition to the general requirements in B1, financial service providers should be required to ensure that their advertising and sales materials
   i. Do not contain misleading or false information; and
   ii. Do not omit information that is important to a consumer’s decision to purchase any of their products or services.
b. Financial service providers should be legally responsible for all statements made in advertising and sales materials.

Explanatory Notes

It is important to ensure that all advertising and sales materials (printed, online, billboards, newspapers, flyers, TV, telemarketing, oral, and others) follow the minimum standards for format and manner of disclosure set out in B1. Specifically, easy comparability of total cost (for credit products) or net return (for deposit products) should be ensured, and materials that may mislead consumers with false or incomplete statements should be avoided, including not making it clear who the legal provider of the financial service is when agents or brokers are involved.

Imposing and enforcing standards for advertising and sales materials is fundamental to protect consumers of deposit and credit products and services. Particularly where consumer agreements are overly long and difficult to comprehend (or, conversely, are made up of piecemeal documents) or are received too late in the process, consumers may have already made decisions after relying on misleading or incomplete advertising and promotional material. Rules on advertising and sales materials are increasingly important in fast-growing markets targeting middle- and low-income segments, including microloans delivered through mobile phones and mortgage loans (in some countries). These consumers, who often have little experience with regulated financial service providers, may be more vulnerable and thus more easily swayed toward a decision to purchase a product or service that could ultimately harm their financial well-being.

As emphasized in Principle 4 of the G20 FCP Principles, misleading statements (for example, zero interest loans) and the omission of key product features and information are all too common in sales materials used for consumer credit by a range of providers. In the case of NBFIs and nonfinancial firms, this is partly due to the fact that many NBFIs are not regulated or supervised (see A1 and A2), coupled with the rapid growth in nonbanks. Even in the heavily supervised banking sector, it is common to find sales materials that exploit consumer biases to influence behavior, deliberately omitting key information or elements of cost in standardized price disclosure formulas mandated by regulation (for example, the cost of credit life insurance), emphasizing certain characteristics of the product, such as a particular period of high returns paid in savings accounts, or downplaying other characteristics (for example, the fees charged on savings accounts).

Advertising and sales materials should not be allowed to mislead and exploit consumers’ behavioral biases to the advantage of the financial service provider. For example, deferred interest promotions by credit card providers that fail to state that interest charges referring to the entire period will apply if a payment is late or if the balance is not paid by the end of the promotion should not be permitted. It is also important that sales and advertising materials contain relevant information such as the regulatory status of the financial service provider and the contact information for internal and external redress mechanisms. Nonetheless, the supervisor should be flexible when designing and enforcing regulatory requirements for different types of communications and materials in order to ensure they remain relevant, proportional, and effective for each particular type of advertising or sales material.

For example, in the United Kingdom, regulation forbids advertising of any interest rate without disclosing the applicable APR (as opposed to displaying only the nominal interest rate). Similarly, in Portugal, APR and gross annual nominal rate have to be disclosed.66 Several directives in the European Union hold financial service providers responsible for the content of their public announcements, including marketing and advertising communications and materials. Providers are subject to penalties for making any false or misleading statements. In Brazil, the European Union, Portugal, and Malaysia, sales materials for loans cannot claim loans are “zero interest” or “free” if there are any applicable charges, even if these charges apply only after a certain interest-free period.

B3: DISCLOSURE OF TERMS AND CONDITIONS

a.
The regulatory framework should require that consumer agreements contain key terms and conditions, including at a minimum the following items:
   i. The regulatory status of the financial service provider
   ii. The rights and responsibilities of the consumer, including the conditions that may lead to termination of the agreement
   iii. The rights and responsibilities of the financial service provider
   iv. All interest rates, costs, fees, and charges (including from third parties) that arise or may arise from the agreement, when they can be applied, and how they are calculated
   v. How and when the terms and conditions may be altered unilaterally by the financial service provider
   vi. If, when, and how the consumer will be notified about changes to the agreement (see B6)
   vii. The penalties and any other remedies the financial service provider may seek to impose in the event of a perceived breach of the agreement by the consumer
   viii. The contact information for the provider’s customer service
   ix. How disputes with the financial service provider can be resolved and the contact information of the internal and external third-party complaints handling mechanisms (see E1 and E2)
b. A printed or electronic copy of the final agreement containing at least the information listed in clause B3(a) should be provided by the financial service provider to the consumer at signing.
c. In addition to the information listed in clause B3(a), the regulatory framework should require specific disclosures in product or service agreements according to the type of product or service being contracted.
d. To facilitate communication of key terms and conditions to the consumer in the most commonly offered retail products, financial service providers should be required to use KFSs (see B4) in addition to the product or service agreement.
e. Prior to signing of the agreement, financial service providers should be required to explain the key terms and conditions orally to the consumer on request or where deemed necessary based on a customer’s circumstances.
f. The regulatory framework providing for clauses B3(a–d) should be applicable to consumer agreements signed electronically.
g. The relevant terms and conditions of a guarantee should be disclosed to guarantors before the guarantee is entered into.

Explanatory Notes

Disclosure and transparency are critical consumer protection policy objectives. They help to increase consumer comprehension, allowing consumers to understand and choose appropriate products to fit their circumstances. Disclosure and transparency also increase market competition by allowing for comparison shopping by consumers and greater transparency and competitive pressures across providers, which may help to lower prices and improve the quality of products offered. A well-designed disclosure regime can be a more effective, market-friendly policy approach than interest rate caps to address issues with pricing and competition.

The terms and conditions that should be required to be disclosed to a consumer can vary depending on the product or service, its mode of delivery, and the target consumers. A careful balance between general and detailed requirements must be achieved in the regulatory framework to fit most products and delivery channels while leaving room for adaptation to particular situations. Minimum standards should exist for key terms and conditions with more universal applicability, while specific regulations may be needed for disclosure of certain items for specific products (as listed below). With respect to interest rates, costs, and fees and charges, disclosures should specify when these terms are final. Also, policy makers should consider potential implementation challenges that regulation may pose to products and services delivered through electronic channels, especially when they target low-income consumers with limited levels of literacy. Balance is again needed to achieve sufficient disclosure and transparency for electronic channels without impeding innovations in service delivery, particularly where innovation can benefit financial inclusion.

Before the signing of an account agreement, in addition to the general information listed in B3(a), the provider should inform the consumer of key terms and conditions such as:

• Charges or fees for account opening or minimum balances
• Account maintenance fees
• Applicable interest yield
• Ability to check the account balance
• Responsibility of the consumer to keep his/her personal information confidential, including PINs and passwords linked to the account
• Type and amount of transactions allowed free of charge, if any
• If an overdraft facility is included and the fees and costs in case this facility is used
• Applicable charges for issuing and clearing a check and whether charges vary according to the value of the check
• Consequences and costs to the consumer of drawing a check with insufficient funds
• Procedures to countermand or stop payment on a check by the consumer
• Liabilities of the parties in the event of check fraud
• Liabilities of the parties in the event of an unauthorized transaction on the account and the applicable procedures that should be followed by the consumer in such an event
• Fees and other costs, if any, applicable to each type of transaction or service allowed to be charged against the account and how each one will appear in the account statement
• Any limitation on account functionality, such as on the number of withdrawals per month
• Procedures and costs, if any, for the consumer to close the account
• What constitutes an inactive account and the consequences to the consumer if the account becomes inactive, including applicable charges
• Existence of any depositor protection schemes (see section F)

Before the signing of a loan agreement (including for digital credit), in addition to the general information listed in B3(a), the provider should inform the consumer of key terms and conditions such as:

• Total and frequency (for example, monthly) of installment payments, or minimum monthly repayment in the case of revolving credit
• Total cost of credit, with a breakdown of all costs of each installment as well as the total cost (or minimum monthly repayment in the case of revolving credit), including APR, total interest payment, total principal, and third-party charges and fees, such as broker charges or mortgage insurance
• Applicable initial rate of interest and, in the event a variable rate of interest is being offered, when and the basis on which the initial rate may vary, how and when the consumer is informed of the new rate, the basis upon which the new rate is calculated, and the maximum possible rate
• Guarantees that need to be provided by the consumer
• What additional product(s), if any, such as a current account, a guarantee, or an insurance policy, the provider either requires the consumer to acquire or else bundles as part of the loan package
• The terms and conditions of all linked or bundled products sold together with the loan, including the providers of such products and their costs to the consumer
• Policies regarding late payment and prepayment, including related procedures and costs
• Policies regarding transfer of service
• In the case of revolving credit lines, including credit cards, the applicable credit limit (see also B5, “Statements”), and the charges applicable when the consumer pays less than the total amount due
• Any cooling-off period (see C5, “Customer Mobility”)
• Procedures in the event that the consumer requests that the loan be transferred to another financial service provider, and the costs involved
• In the case of mortgage loans, disclaimer to distinguish preliminary estimates of terms and conditions from official loan estimates, if applicable; closing costs; and whether there is a homeowner insurance requirement.

As a means of ensuring minimum content in consumer agreements, the authority may consider requiring that financial service providers send all new standard (generic) consumer agreements for its analysis (although not necessarily for approval). For example, this step is taken in Bolivia, Malaysia, Mexico, Pakistan, Peru, and the Philippines. However, this can be a labor-intensive and time-consuming activity, and its benefits are not always clear. By contrast, the Central Bank of Brazil analyzes consumer agreements only when, as part of its supervisory plan, it identifies specific retail products for which the agreements warrant a full or partial review. An example is the review it conducted of the costs of consumer loan prepayment and the formulas used to calculate the present value of a consumer loan when it is being transferred from one lender to another at the request of the consumer. The authority may want to analyze consumer agreements only when new products or services are being launched, a new financial service provider is licensed, or when the authority suspects improper practices are occurring. Some authorities may choose to impose—or suggest—standard agreements for certain retail markets, with the objectives of simplifying disclosure while ensuring disclosure of key terms and conditions, allowing comparability, and prohibiting certain product features and practices. (See C1, “Unfair Terms and Conditions.”) Another complementary measure is for the authority to require standard consumer agreements for key products be made available online by providers for consumers and others to peruse at their convenience, as done in Peru, thereby addressing the timing issue by ensuring that consumer agreements are available early in the shopping stage.

Disclosure requirements for products that can have a significant financial impact on consumers, such as mortgage loans, or that are used with high frequency and offer revolving credit lines, such as credit cards, should be particularly well crafted and, whenever possible, consumer tested for their efficacy. In the United States, for instance, the 2013 “Know Before You Owe” disclosure rule for mortgage loans issued by the CFPB aimed at substituting previous overlapping disclosure forms required by different laws, simplifying and increasing effectiveness of disclosure, and facilitating comparison across providers.67 As this example illustrates, policy makers should consider the format, content, and timing of disclosure in tandem to achieve desired policy objectives.

As noted in B1, digital credit introduces particular challenges for transparency. Often the terms of the loan are incomplete and/or displayed on a small screen and there is little or no opportunity for information to be provided in person or by phone by staff of the financial service provider. In addition, the rapidity with which the agreement is entered into, and the remoteness and anonymity that may characterize digital credit transactions, may lead consumers to inadvertently accept costly or inappropriate products due to behavioral biases. The ITU-T Focus Group Digital Financial Services recommends an open dialogue between authorities and financial service providers to find solutions to address consumer biases with better disclosure tactics based on consumer research. Effective disclosure of key facts prior to the contractual stage becomes ever more important.

Bundling to create “baskets” of various financial products and services can also reduce price transparency and comparability across providers. Disclosure rules should be designed to ensure timely and effective disclosure of terms and conditions and clear disclosure of the cost of bundled products, including with respect to digital credit products. For example, in Italy, financial service providers that bundle or tie loans with other products are mandated to follow specific provisions, including that consumers are made fully aware of the fact that the package consists of different products and that APR takes into account the costs of the tied/bundled products.

B4: KEY FACTS STATEMENTS

a. For common retail deposit and credit products, financial service providers should be required to produce KFSs that summarize the main characteristics of the product.
b. To increase effectiveness of disclosure, the regulator should set minimum standards for KFSs to be used in relation to different products (see B1), including on
   i. Conciseness (preferably one to two pages) and use of plain, easy-to-understand language
   ii. Standardized formulas for disclosure of all-inclusive total cost or return
   iii. Standardized formats/templates
   iv. Standardized content
c. Financial service providers should be required to produce a customized KFS with the particular terms and conditions for a specific individual, on request as well as before and at signing.
d. KFSs should be signed by the consumer and given prominent placement when attached to the agreement.
e. Financial service providers should be required to provide KFSs through convenient channels, including at least the channel through which the particular product is provided.
f. Financial service providers should be required to retain copies of KFSs signed by the consumer for a reasonable number of years.

Explanatory Notes

In many instances, and for a variety of reasons—including suggestions given by a salesperson—consumers may not read the contractual terms and conditions of an agreement. Even when consumers attempt to read the terms and conditions, they may not understand them, or often the length of the agreements may intimidate them, particularly in the case of less-sophisticated or low-literacy consumers, or when products are delivered electronically. KFSs are an important tool to try to fill this gap. KFSs are increasingly viewed as important so that, before agreeing to acquire any deposit or credit product or service, consumers can appreciate the costs, risks, and benefits to them of the product or service and compare the features of a specific product with that of other providers. KFSs are therefore useful for both the shopping and the precontractual stages. However, KFSs are not a substitute for a full, written agreement, which should always be provided to the consumer as noted in B3.

KFSs should be required for the most widely utilized retail deposit and credit products, such as consumer loans and current and savings accounts, including when such products are delivered through electronic channels. Moreover, the same (or substantially similar) KFS template should be used across banks and NBFIs for the same products, including when the providers are regulated by different departments of the authority or by different authorities, to make it easy for consumers to compare products across providers. Ideally, KFS requirements should be simple enough so that they can be met by all types of providers offering the same or similar products.

This GP should be read in conjunction with B1, B2, and B3, particularly regarding standardized price disclosures. The authority should require that KFSs be concise (preferably not exceeding one to two pages) and provide standardized formats and content for KFSs, including the obligatory use of standard terminology for key terms. At a minimum, KFSs should inform consumers regarding the identity and regulatory status of the financial service provider; the identity of the agent (if applicable); key product features and risks; standardized, all-inclusive price disclosure; and potential consequences if the consumer fails to comply with the terms of the contract by, for example, missing a loan installment payment or incurring a negative balance. As noted in B1, where feasible, key elements of the KFS should also be communicated orally to the consumer. This is crucial for low-income, unsophisticated, or illiterate consumers.

The same format of KFS can be used to produce a generic KFS as well as a customized KFS. A generic KFS does not have personalized information such as specific rates and terms for a loan; rather, it should include average rates and terms for a particular product, so that it can be handed out more widely to potential consumers earlier in the shopping stage, increasing the likelihood of consumer comprehension and comparison shopping. A customized KFS with specific rates and terms is prepared for a particular prospective customer who applies for or inquires about a product after the consumer has provided some basic personal information, such as the desired loan amount. If an agreement is reached, a final KFS should be signed by the consumer and the provider staff and given prominent placement when provided to the consumer along with the agreement itself. For example, in Armenia, fields for the customer’s signature are placed in multiple locations in the KFS, next to key terms as well as at the end of the KFS, in order to increase the likelihood that the consumer reviews the full KFS and pays attention to important terms.68

If documentation is electronic, the provider should still ensure that the KFS is prominently displayed. Adaptations may be required for digital channels, such as for credit products offered via mobile phones, given the more limited visual format. Adapted approaches could include shorthand (but standardized) disclosures, use of icons to convey a key term or concept in an easily digestible manner, and layered messaging—that is, making summary information available on an initial screen and more detailed information available by clicking through to additional screens.

As noted in B1, regulators should leverage consumer testing and incorporate behavioral research to design and test standardized KFS formats, as well as to pursue periodic improvements. However, KFSs should not vary too much or too often, in order to give consumers the chance to get familiar with them, as well as to simplify compliance for providers.

Some types of unregulated NBFIs and nonfinancial firms might offer services that are covered by KFS regulations when provided by regulated providers. If the unregulated market is deemed significant—for example, because it serves a large number of consumers—or if it competes with regulated providers, the efficacy of KFSs will be limited if only regulated providers are required to use them. In such situations, collaboration with industry bodies could be sought to align the practices in unregulated markets with regulations applicable to similar regulated services, including the application of KFSs across both regulated and unregulated markets for key retail financial products. For example, the Central Bank of the Philippines has worked with the association of MFIs, which covers unregulated entities, to promote implementation of the same KFS format for consumer loans that is used by regulated providers.

B5: STATEMENTS

a. Financial service providers should be required to provide the consumer with periodic written statements of every account the provider operates for the consumer, free of charge.
b. Financial service providers should be required to provide the consumer with a closing statement when an agreement is terminated or concluded.
c. The financial service provider should preferably make statements available using at least the channel through which the product was sold—that is, aligned to the manner in which the agreement was initially signed.
d. The frequency with which statements are provided should be commensurate with the type of product, its term, and the type of clientele.
e. Statements should list all types of transactions, values, and dates concerning the account during the time period of the statement; state opening and closing balances, interest rates, and fees and penalties charged; and highlight any impending risk for the consumer or changes in account rules or product terms and conditions. (See B6.)
f. Providers should also be required to provide information on account balances upon request by the customer.
g. Generally, statements should also inform the consumer regarding
   i. The regulatory status of the financial service provider and the contact number for its customer service and complaints handling mechanism; and
   ii. The contact information for the external dispute resolution mechanism.
h. The regulation should impose specific requirements for statements linked to the most commonly used retail deposit and credit products and services. This may include the standardization of minimum content, format, and terminology, as well as frequency, timing, and manner of delivery.

Explanatory Notes

In general, statements need to be self-explanatory, comprehensive, objective, and clear. (See B1.) This is particularly important in the case of transactional accounts such as credit card, current, and savings accounts and loan accounts that can carry finance charges, penalty interest, service fees, and other consequences in case of default, delayed payment, overdraft, or level of transactions (including inactivity).

As with other types of disclosure, including cost and price, it is important that statements provide information in a manner that can be understood easily and is consistent across providers of similar products. For example, after a review of the abbreviations and terminology used by banks in current account statements, the Central Bank of Brazil decided to standardize the terminology of basic transactions and the respective abbreviations used in statements.
Similarly, after a review of existing statements found that the format and content of statements were difficult to understand and contained many technical terms, the Central Bank of Armenia developed standardized statements for certain retail products.69 However, regulation should not be too strict in terms of frequency, format, and method of issuance of statements, in order to accommodate different business models and modes of service delivery to different consumer segments. This is particularly important when a single regulation covers several different types of products, including products delivered primarily through electronic means.

Another policy consideration is cost to the financial service provider. In many developing countries, there are serious constraints to delivering paper-based statements due to high costs or the lack of reliability of the postal and courier services, or due to consumers not having formal fixed addresses. In such cases, alternative approaches to consider include requiring that financial service providers make paper-based statements available for collection by customers at branches or other outlets or on demand, or that providers substitute paper-based statements with free electronic versions. While statements delivered through mobile phones may be less convenient to read and permit less information to be conveyed compared to paper-based statements or statements accessed through a computer, they should be as readable as feasible given the technology.

Whenever possible, the choice between electronic versus paper-based delivery should be left to consumers. With the increased use of digital channels to access and manage deposit and credit accounts, some consumers may wish to receive, access, or download statements more or less frequently, rather than on a monthly basis. Financial service providers should offer ready electronic access to an up-to-date statement at any time, at a minimal cost or free of charge. Regulators should recognize rapid developments in financial services delivery and new modes of interaction between financial service providers and consumers. For example, providers should not be prohibited from using opt-out clauses that make electronic statements the default option when products are delivered entirely electronically, as in the case of digital credit. In such cases, there is a valid assumption that consumers will not expect paper-based statements.

In addition to establishing general requirements for the form and frequency of statements, regulations should impose specific content requirements for statements for at least the most common retail deposit and credit products and services. In general, statements for deposit products such as savings accounts and current accounts should, with regard to the period covered and depending on the type of product, do the following:

• List the opening and closing balances and any repayment made in the period
• List all transactions in the period
• Indicate the counterpart for each transaction, such as a retail establishment where a credit/debit card purchase was made
• Provide details on the interest rate applied to the account
• Provide details on the fees, exchange rate, and other charges incurred by the customer in each transaction
• Indicate any changes applied to the interest rates or fees (see also B6)

In case abbreviations are used, they should easily relate to a specific service and be listed, along with their full meaning, in an easy-to-find and understandable document that is accessible online or provided in printed form free of charge by the financial service provider and through a range of channels. See also B6 in annex A, “Retail Payment Services.”

In addition to the items noted above, credit card (and any revolving credit line) statements should set out the credit limit, total amount due, due date, minimum payment required, and total interest cost that will accrue if the cardholder pays less than the total amount due. These statements should be as standardized as possible across bank and nonbank providers. Some countries, such as Australia and the United States, also require that credit card statements prominently display the number of months or years in which customers would be able to pay off the total balance should they continue to pay only the minimum amount.

Loan account statements, including for mortgages, should indicate the amount paid during the period; total amount paid to date; total outstanding amount due; allocation of payment to principal, interest, or other costs; amount in arrears; and, if applicable, up-to-date accrual of taxes paid. They should also include information on all applicable fees, penalties, and interest rate.

Policy makers should also consider certain exceptions to requirements regarding statements. For example, it is not meaningful to implement a requirement for periodic statements for very short-term loans, such as the one-month loans typical of microcredit. It is also not reasonable to require issuance of periodic statements after an account is considered inactive or dormant, though notifications should be required if dormancy triggers any fees or penalties. (See B6, below.) For example, in Portugal, providers must issue statements at least monthly for retail deposit and credit products, with the exception of current accounts that have had no transactions in the past month. In such cases, the provider must issue at least one statement per year.

B6: NOTIFICATION OF CHANGES IN RATES, TERMS, AND CONDITIONS

a. Financial service providers should be required to notify their consumers, at least in writing (including in electronic form), and also orally or through other channels or means if deemed necessary, prior to changes in
   i. The interest rate to be paid or charged on any account (for example, loan, current, savings) of the consumer;
   ii. Any noninterest charge on any account of the consumer (transaction fees, overdraft fee); and
   iii. Any other key product feature or previously agreed term or condition (procedures for cancellation, prepayment of loans, transfer of loan servicing).
b. Financial service providers should also be required to notify their consumers in case their transactional accounts have become inactive or dormant, and the related consequences, including applicable charges.
c. The nature and extent of the change, particularly its potential impact on the consumer, should dictate the required format and the length of time for advance notice, and whether personalized, individual notification to the customer is required.
d. If the revised terms are not acceptable to the customer and were not foreseen in the original agreement, the regulatory framework should guarantee the customer’s right to exit the agreement without penalty, provided such right is exercised within a reasonable period, as established in the original agreement.
e. Along with the notice of the change, financial service providers should inform customers of their foregoing rights and how they can be exercised.

Explanatory Notes

No broadly accepted minimum notice period for communicating changes in contract terms and conditions or other key information to consumers applies in all circumstances. Requirements can vary by country from no minimum notice to three months’ advance notice. The minimum reasonable notice period will depend on factors such as the potential impact of the change on the consumer. For example, an increase in the overdraft fee may have less impact than a transfer of loan servicing that requires the consumer to make loan payments to a different location. Reasonable notification requirements will also depend on the conditions of service delivery and physical access to the financial service provider. For instance, consumers in isolated areas may need greater advance notice when the change would potentially cause them to terminate the agreement and if termination requires the consumers to

machine (ATM) could be given in an impersonal, general fashion via a message on the ATM screen, which the consumer should be required to acknowledge before the withdrawal is conducted.

How and the extent to which terms and conditions may be changed should be clearly articulated in the original consumer agreement. In cases where the interest rate is variable, the minimum notice to be given of a change in the rate should also be stated in the agreement. Changes in prices, terms, and conditions that do not comply with what is contractually stipulated must not bind the customer and must give the customer the right to exit the agreement without any penalty and without burdensome procedures, within a reasonable timeframe. The time given for the customer to exercise the foregoing right should also be proportional to the potential impact of the change and the specific conditions of service delivery.
In go to a physical access point, such as a branch. addition to these rights, the authority should consider Although notification to a customer of any proposed strategic and targeted limitations on the breadth and change should be in writing, different modes of communi- types of unilateral changes that can be made by provid- cation may be used depending on the factors mentioned ers, even if customers are given the right to exit the agree- above. Potential modes of communication include letter, ment when they do not agree with the change. (See C2, email, or SMS. For instance, notice of a change in the fee “Unfair Practices.”) charged for making a withdrawal from an automated teller 34   Good Practices for Financial Consumer Protection C: FAIR TREATMENT AND BUSINESS CONDUCT C1: UNFAIR TERMS AND CONDITIONS a. Financial service providers should be prohibited from using any term or condition in a consumer agreement that is unfair. Such terms and conditions, if used, should be void and legally unenforceable. b. Except where expressly permitted by law, in any agreement with a consumer, a term should be deemed to be unfair if it excludes or restricts any legal requirement on the part of a financial service provider to act with skill, care, diligence, or professionalism toward the consumer in connection with the provision of any product or service and/or any liability for failing to do so. c. Ambiguities in contractual terms and conditions should be construed in favor of the consumer. 
Explanatory Notes

Balanced rules should be in place regarding contractual terms and conditions, product suitability, product regulation, and fair practices, in order to ensure that consumers are treated fairly and offered a product or service appropriate for them. The objective of this GP is to reduce the scope for financial service providers to abuse their dominant position relative to consumers with respect to contractual terms and conditions dictated by the provider. This issue is separate from the unfair exercise of those terms, which is discussed in C2. Average consumers are not usually able to identify or fully understand contractual terms and conditions that may be detrimental to them. Furthermore, in the limited instances where consumers are able to do so, they are most likely unable to negotiate different terms with the financial service provider. Most consumer agreements, such as those for current accounts and credit cards, are not customized to individual consumers. This type of contract may even receive a special denomination by law, such as “adhesion contracts.” Regulation and supervision should be used to curb patently unfair terms and conditions, especially in countries where consumers have no effective means to defend themselves after entering into a contract that has unfair terms. This GP also becomes increasingly important in digital finance, given the speed with which contracts are electronically signed by consumers, possibly without prior review of the terms and conditions.

Defining unfair, deceptive, abusive, unbalanced, and other such terms is not straightforward, but many countries have established parameters by regulation or legislation and have prohibited certain contractual clauses or certain styles in which contracts may be written. In the United States, the Dodd-Frank Act considers an act or practice abusive if it materially interferes with the ability of a consumer to understand a term or condition of a financial product or service or takes unreasonable advantage of a consumer’s: (1) lack of understanding of the material risks, costs, or conditions of the product or service; (2) inability to protect his or her interests in selecting or using a financial product or service; or (3) reasonable reliance on the person offering or providing the product or service to act in his or her interests.

In the European Union, the Unfair Terms in Consumer Contracts Directive 93/13/EEC considers a term unfair if it causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer. This excludes the price and quality of the product, provided that these are conveyed in a plain and intelligible language.70 However, the price and quality of the product can be taken into consideration in the assessment of fairness of other contractual terms. For example, terms that are considered fair for high-value contracts with sophisticated consumers might be considered unfair for low-income consumers. Also, general terms and conditions in the EU context may be questioned as abusive if their language is incomprehensible, not plain, or lacking in clarity, and any ambiguity is construed in favor of the consumer. In Germany, regulations provide a definition of “ineffective clauses” and a catalogue thereof.71 A similar law has existed in the United Kingdom since 1977.72 In the United States, forced arbitration clauses are prohibited in mortgage contracts, and the CFPB is considering prohibiting these clauses in other types of contracts as well.

Other examples of unfair terms that can be common in the financial services industry include the right of a financial service provider to revise, at any time and without prior notice, the minimum amount and the minimum time for a time deposit, and the right of a financial service provider to close any account of a consumer at any time, without notice or cause given to the customer and without incurring any liability in so doing.

Supervisors in Bolivia, Malaysia, Mexico, Pakistan, Peru, and Portugal analyze consumer agreements on an ongoing basis with the purpose of identifying abusive clauses. The ITU-T Focus Group Digital Financial Services recommends that authorities review consumer agreements “on a regular basis, such as every six months and as informed by consumer complaints.”73 New technologies for data analytics and machine learning may help them do so in a less time-consuming manner. (See A4.) However, in some cases, this practice may not be feasible if the authority has scarce resources. Ex post selective analysis may be more appropriate in such cases, where supervisors analyze select types of consumer agreements and take action against the provider of the service based on such analyses (which is done in Australia, Brazil, the United Kingdom, and the United States). In addition, some countries, including Mexico, Poland, and Spain, maintain a register of financial consumer contracts that display clauses considered to be abusive or prohibited. Such registers can then be used by consumers to ascertain whether the clauses of a contract they are about to sign or have signed include abusive or prohibited clauses.

C2: UNFAIR PRACTICES

a. At all stages of the relationship with consumers, financial service providers should be required to treat consumers fairly.
b. Financial service providers should be required to consider the outcome for consumers of their products, services, procedures, strategies, and practices to ensure compliance with clause C2(a).
c. Financial service providers should be prohibited from, and held legally accountable for, employing any practice that could be considered unfair.
d. The regulatory framework should also prohibit specific unfair practices related to particular retail deposit and credit products and services.
e. Bundling and tying practices should not be permitted when such practices unduly limit consumer choice or hinder competition.

Explanatory Notes

Besides having terms and conditions in consumer agreements that are fair, financial service providers also need to ensure that their relationships with consumers are fair, just, and honest, including when third parties such as agents are involved. This is to avoid disrespectful, discriminatory, or abusive practices that may not be in direct conflict with the contractual terms and conditions. Treating consumers fairly should be an affirmative obligation for financial service providers and an integral part of their corporate and risk culture. Assessing how this culture is translated into practice at the provider level is an important item in a supervisory authority’s activities. For example, regulators such as the FCA in the United Kingdom and the BNM in Malaysia require regulated entities to demonstrate how the concept of “treating customers fairly” is embedded in their business model and practices, from the product research to the post-sales stage.

Special attention should also be drawn by the authority to the particular needs of, and difficulties faced by, vulnerable groups—for example, low-income, inexperienced, physically disabled, or socially or economically marginalized consumers such as indigenous people, rural populations, and women. Depending on a particular country’s context, specific protections for vulnerable groups may be included in the regulatory framework. Discrimination of any kind—including, for example, poorer treatment due to a consumer’s faith, political affiliation, or sexual orientation—should be prohibited.

Many unfair practices—including aggressive sales tactics such as unsolicited SMS loan offers increasingly used in digital credit, abusive loan collection (physical or moral threats to the borrower), and the sending of credit cards to consumers who have not requested them—can pose significant problems for consumers and lead to overindebtedness and other outcomes negative to consumer welfare, although the practices are unrelated to the actual contractual terms. Effectively identifying those unfair practices that pose the greatest threat to consumers will depend in great part on how well the authority is able to access and analyze data regarding consumer complaints.

The regulatory framework should have specific prohibitions of unfair practices with respect to particular types of products. For example, the credit card industry in many countries has over time seen a number of harmful practices arise (and corresponding policy responses to address such practices). Problems such as charges on unsolicited cards become more serious when the target customer segment consists of low-income consumers and where credit cards can be offered by a variety of bank and nonbank providers. Measures have been taken by countries such as the United States74 and Brazil, which brought previously unregulated credit card issuers under the purview of the Central Bank of Brazil, to update the rules applicable to credit cards to address these issues. For example, regulators should consider prohibiting bank and nonbank credit card providers from engaging in the following common unfair practices:

• Sending unsolicited preapproved credit cards to current or potential customers and charging them for any fees related to cards that have not been accepted by the consumer
• Applying new higher penalty interest rates to the entire existing balance, including past purchases made at a lower interest rate
• Automatically increasing credit limits without prior consent by the consumer
• “Double-cycle billing” or using compound interest by which card issuers charge interest over two billing cycles rather than one

Regarding deposit accounts, common unfair practices may include the following:

• Continuing to charge maintenance fees on inactive accounts that have reached a zero or negative balance
• Applying automatic overdraft facilities and imposing fees and charges related to such facilities without prior opt-in consent by the consumer

Regarding credit products, policymakers should consider requiring fair practices or prohibiting unfair practices such as the following:

• Encouraging use of interest rates applied over the declining balance of the loan, as opposed to flat rates
• Requiring use of opt-in clauses for facilities that auto-deduct payments and fees (when loans are tied to deposit accounts)
• Prohibiting the employment of abusive loan collection practices (See C10.)

In many countries, payday lending is an emerging area of concern for policy makers, and should be monitored to identify specific unfair practices that should be addressed. As noted previously, policy makers should also closely monitor developments in digital credit, as the speed and remoteness of digital credit may take advantage of behavioral biases and give rise to new types of practices that may be deemed unfair to consumers. Discrimination and other unfair practices may also be embedded in the algorithms supporting digital credit scoring models. (See section D of annex A, “Retail Payment Services.”) The authority will need to work to ensure that the principle of fair practices is clearly applied to digital financial services and that providers are made liable for any unfair impacts of new screening models. Policy makers’ efforts could benefit from seeking feedback from consumers, such as through consumer research, so that balanced regulations can be crafted.

However, identifying unfairness is not always straightforward. In some cases, it will be the role of the authority to set minimum standards and procedures to define, at least in the first instance, whether any given practice is unfair or not. For example, in some countries, MFIs require female loan applicants to have a male cosigner, thereby creating hurdles for women to access loans. Due to prevailing cultural norms, this practice may be considered acceptable in some countries, while in other countries such practice may be deemed unacceptable.

Bundling and tying,75 which are becoming more common in developing and emerging consumer finance markets, including digital credit and insurance, either should not be allowed when they unduly limit consumer choice or hinder competition or, at a minimum, their negative effects should be counteracted by regulation, such as with respect to transparency. Product tying may weaken competition by reducing customer mobility and discouraging the entry of new and particularly smaller financial service providers.76 Bundling also reduces price transparency and comparability across providers, such as by creating “baskets” of various financial products and services. For example, after observing the lack of comparability of checking account service packages, the Central Bank of Brazil issued a regulation to standardize the composition of packages of basic services targeted to middle- and low-income consumers specifically to allow for better comparability of component products and services.

When consumers are required to purchase a product such as a checking account or an insurance policy as a precondition for receiving a loan, they should ideally be free to choose the provider of the secondary product, or at least be given the minimum information required to compare different providers of the secondary product. Information regarding the tied product and the right of choice should be made known to borrowers during the shopping and precontractual phases, and the financial service provider should not sway or pressure consumers toward a particular provider on the basis of its own commercial agreement with that provider.

When a choice among different providers for the secondary product is unavailable, the financial service provider should not be prohibited from tying products, but all key features, as well as the identity of the provider of the tied product, should be disclosed. For example, a financial service provider offering microloans in a remote area may not find more than one insurance company willing to provide cost-effective credit life insurance to such customers. Another common example of a fair tied product is mortgaged property insurance. On the other hand, a lender that requires a borrower to open a current account in a specific bank only for the purpose of servicing the loan could be considered unfair. Tying also may be imposed on consumers even when not included in the consumer agreement.

Providers of a wide range of services increasingly use agents, including other financial service providers or retailers, to increase the outreach of their service delivery. It is important that the financial service provider be prohibited from shifting or abdicating to third parties its contractual responsibilities to treat consumers fairly when its products and services are not delivered directly by its own staff or in its own facilities. Attention to this issue is particularly relevant when the provider uses intermediaries such as agent network managers, as responsibilities and risks may be shared with the intermediary based on a contract between the provider and its agent.

C3: SALES PRACTICES

a. Financial service providers should be required to have and comply with adequate, formal sales policies and procedures.
b. Financial service providers should be required to ensure that mis-selling, misrepresentations, aggressive high-pressure sales, and discrimination are not used during the sales process.
c. Financial service providers should be held accountable for downplaying or dismissing warnings or cautionary statements in written sales materials.
d. Financial service providers and their sales representatives should be required to disclose to a consumer any actual and potential conflicts of interest, particularly when the consumer receive advice before entering into a consumer agreement.

Explanatory Notes

It is crucial that salespeople use well-designed materials that follow B1 and B2. However, though important, sales materials may not be the most important element in a consumer’s decision to acquire a financial product or service. Rather, there is evidence that consumers may make their financial decisions based on their level of trust in the person selling or advertising the product. In some cases, consumers may disregard information in sales and other disclosure materials provided in accordance with regulatory requirements, instead relying entirely on what the salesperson says. Salespeople may take advantage of this behavioral bias and be dismissive of the consumer’s need to read and understand important disclosures. Salespeople may also employ aggressive, high-pressure sales tactics to influence a consumer’s behavior.

Similarly, when credit is commercialized entirely through digital means, financial service providers may use tactics that take advantage of expected consumer behavior to drive sales. For example, digital credit providers in several countries use unsolicited SMS messages to advertise their products. If the same SMS includes a link giving almost instant approval/access to a small loan, consumers may be more willing to take the loan, with little regard paid to the actual terms of the loan. As noted previously, the speed of delivery and the ease and anonymity of the credit offer may make borrowing decisions less intentional.77

Therefore, it is important that financial service providers have sales policies and procedures that align with good practices and strongly and clearly emphasize ethics in sales, including the need for consumers to be duly informed and treated fairly by salespeople. Discrimination of any kind—for example, of people from certain ethnicities, social backgrounds, or gender—should be prohibited. The sales process should aim to ensure that consumers acquire products and services that are suitable to them (see C4, below), thereby reducing the risk of mis-selling. It also should discourage or prohibit aggressive, high-pressure sales tactics, such as unsolicited and numerous phone calls to potential borrowers, harassment in public settings, exploitation of a consumer’s hardship situation to offer products, and misrepresentations.78

A financial service provider’s sales policies will not be effective, however, unless properly enforced. For this to happen, clear mechanisms are needed to punish misbehavior by salespeople and other staff. Also, staff compensation and performance policy must be consistent with ethical sales processes. For instance, a compensation policy that is centered on aggressive monthly sales targets for each type of product may lead to unethical sales behavior. (See C8, “Compensation of Staff and Agents.”) Finally, financial service providers should be required to qualify their sales staff accordingly. (See C6, “Professional Competence.”)

C4: PRODUCT SUITABILITY

a. Where appropriate, before providing advice or concluding an agreement regarding a deposit or credit product or service, financial service providers should be required to gather sufficient information about the consumer to enable it to provide a product or service suitable for the consumer’s needs and financial capacity.
b. Financial service providers should take reasonable steps to ensure that, taking into account the facts disclosed by the consumer and other relevant facts about the consumer of which it is aware, any product or service it recommends is suitable for that consumer.
c. Regulatory requirements regarding product suitability should be flexible and balanced in order to avoid overburdening providers or excluding certain consumers, as well as to accommodate innovations in digital financial services.

Explanatory Notes

Product suitability is an important component of responsible finance. Achieving product suitability puts the onus on financial service providers to ensure that there is compatibility between what is being offered to a consumer and the consumer’s specific needs and profile. While product suitability requirements may be aspirational in some countries, there are different degrees to which such requirements can be put in place. For example, initial efforts can focus on reasonable and appropriate consumer assessments. FinCoNet has identified as good practice requiring financial service providers to reasonably assess the interests of a consumer prior to extending any credit facility.79 Similarly, Principle 6 of the G20 FCP Principles notes that financial service providers should assess the “financial capabilities, situation and needs of their customers” before providing them with a product, advice, or service.

With respect to credit products, a key element of product suitability is the concept of responsible lending, which is centered on balancing affordability with the financing needs of the consumer. In consumer and microfinance lending, providers sometimes may not assess a potential borrower’s payment capacity sufficiently. Such assessments should be required, and reassessments could also be required when the product being offered increases the consumer’s debt substantially. Particularly for NBFI clients who often operate in the informal sector and for environments where the scope of credit reporting may be limited and not extend to all NBFIs, providers should clearly explain to consumers that it is their responsibility and in their benefit to provide accurate and truthful data.

Financial service providers often offer standardized loan products to a range of consumers with different financing needs and income streams that differ in their size and frequency. As a result, such loans frequently end up being of inadequate size or term, leading consumers to seek parallel or sequential loans. This situation is observed with microfinance and payday loans in many countries. Borrowers often either take on a sequence of loans following a new loan, or roll over their loans, sometimes incurring high costs and fees as a result. Responsible payday lenders could avoid these situations by offering larger loans with more appropriate repayment schedules from the start, or by referring the consumer to another lender. However, financial service providers may have little incentive to address product suitability, since many consumers may not know what an appropriate loan would be, do not know how to protect themselves after the loan is taken, or are wary of requesting changes for fear of losing access to current and future loans. Appropriate policy action may therefore be called for to address such practices.

As recommended by the ITU-T Focus Group Digital Financial Services, to the extent possible, providers should also be responsible for ensuring the suitability of their offerings when commercializing new types of credit powered by technology, such as digital credit. Digital credit is often extended remotely and based on credit-scoring methodologies that use a range of alternative data and differentiated algorithms. There is usually little or no interaction or exchange of information between the potential borrower and the financial service provider. While most digital credit products are very low value and may have limited financial impact on consumers, larger loans may use similar technologies and bring hardship for the consumer if not suitable.

Although the principle of suitability should create an obligation for financial service providers, the regulatory requirements related to product suitability should be balanced and proportionate to the risks and complexity of the products being offered, to avoid undue burdens to both providers and the supervisory authorities. For instance, where possible and appropriate, financial service providers should be required to gather information about a prospective consumer in order to offer a product or service that is suitable for that consumer. But the amount and type of documentation collected and kept by the provider will need to vary according to the type of product and the type of customer.80 Rigid requirements can create barriers or undue costs to providers serving a wide range of consumers—for example, low-income consumers who are not able to comply with some documentation requirements.81 Furthermore, since terms such as adequate, suitable, responsible, and affordable can be interpreted differently by different providers, the authority should provide clear guidelines on the interpretation of such terms to provide clarity and ensure consistency in supervisory oversight.

Finally, as markets are evolving quickly, particularly in developing and emerging countries, suitability requirements should also evolve for innovations with the potential to support the growth of financial inclusion and responsible finance. Supervisors should identify emerging good and bad practices and adapt rules accordingly.82

A related approach to product suitability that puts a stronger onus on financial service providers relates to affordability and overindebtedness, increasingly important topics globally, particularly where consumer credit markets are rapidly expanding. Overindebtedness can have many negative social, economic, and political consequences. Hence, policy makers in several countries—including Brazil, Peru, and the United States—have established measures such as maximum debt-to-income ratios for certain types of loans.83 However, particular care will be needed when employing more direct policy approaches, such as debt-to-income-ratios and product regulation (discussed below), in order to ensure that such policies are balanced and proportionate, impose appropriate requirements calibrated to the level of risk and complexity of products, and are not unduly limiting access to financial services.

Beyond requiring providers to take steps to determine product suitability, an emerging area of regulation to address issues with unsuitable products more directly is product regulation. Product regulation may take two forms: prohibiting or mandating specific products or product characteristics, and requiring that the product design process ensures good consumer outcomes. The first form is more commonly applied to investment products but can also be used for retail deposit and credit products and services as well where specific products or product characteristics are determined to be patently unsuitable for consumers. For example, the Central Bank of Brazil banned a specific payroll loan product linked to a debit card, deeming it inherently detrimental to consumers. A FinCoNet survey has found that only a small number of countries currently have such types of regulation.84

The second form consists of regulatory requirements regarding the efficacy of product oversight and governance by financial service providers and covers the whole product cycle from research to post-sales, with the objective of producing fair outcomes for consumers in general—that is, not for a specific consumer. This approach could give clearer means for the supervisory authority to take action when unsuitable products are introduced in the market or offered to a particular consumer, even where there are no regulatory prohibitions on a specific practice or product.85 For example, the European Banking Authority issued guidelines for European financial supervisors to address product design processes; the guidelines are expected to be an integral part of providers’ organizational requirements and internal controls, to ensure fair outcomes for consumers.86 Similarly, the United Kingdom’s Treating Customers Fairly framework requires that products be specifically designed to be suitable for their identified target markets.

C5: CUSTOMER MOBILITY

a. Financial service providers should be prohibited from unduly limiting a customer’s ability to cancel or transfer a product or service to another provider, on the customer’s reasonable notice.
b. Financial service providers should be required to provide comprehensive information about its cancellation and portability procedures to consumers, including when products and services are delivered through agents or digital channels.
c. Financial service providers should be allowed to charge a reasonable cancellation fee or prepayment penalty only if set out in the consumer agreement, which should also contain its method of calculation.
d. Immediately following the signing of a consumer agreement, financial service providers should be required to provide the consumer with a reasonable cooling-off period for financial products or services with a medium- or long-term component or those sold via high-pressure sales or marketing.

Explanatory Notes

Customer mobility can also be enabled by requiring cooling-off periods. These are grace periods during which customers are permitted to cancel or treat the agreement as null and void without penalty of any kind. Cooling-off periods are important for certain types of products, such as those subject to high-pressure sales techniques. (See C3.) Products sold remotely without face-to-face contact, such as loans by phone or over the Internet, should also benefit from reasonable cooling-off periods, although this is not yet common practice for low-value, short-term digital credit.90 Although no penalty should apply, the consumer may be required to pay a pre-agreed reasonable fee to cover the administrative costs incurred by the financial service provider with the early cancellation.

The length of a cooling-off period should vary according to the type of product. For example, longer periods are warranted for products with a long-term savings component. The period should also be proportional to the mechanisms offered to consumers to exercise their cooling-off rights. For instance, if the financial service provider requires consumers to sign, present, or send any formal document in order to cancel the agreement, and many consumers are located in remote areas where the postal service is unavailable or not reliable, a short cooling-off period will be ineffective.

The ability to switch products and services easily and inexpensively—whether from one provider to another or within the same provider—allows consumers to benefit from offers that are best for them. The cost to the consumer for switching, if any, should be reasonable. For loans, prepayment/closing fees should be allowed only for fixed-rate loan agreements.

One type of unfair practice that should be prohibited is the imposition of noncontractual hurdles, such as burdensome procedures for consumers seeking to cancel a service or product or switch to another provider. For example, customers may be required to go to a branch to sign long forms and present an “acceptable” justification for the intent to cancel the service or close the account. With regard to loan mobility, lenders may impose obstacles such as a delay in providing the loan account statement that will be needed by the new lender, or intentionally miscalculating the loan balance to impose further delays. To address such obstacles, when a consumer in Italy requests to switch their loan to another provider, financial service providers are required to complete the procedure within a fixed timeframe. If a delay occurs, the consumer is entitled to an indemnity payment.

The Central Bank of Ireland has issued a Switching Code, which sets out procedures that must be followed
The existence of a cooling-off period and related by financial service providers when a customer decides to procedures should be fully disclosed to consumers both switch a current account from one provider to another.87 in writing and orally. (See B3.) Cancellation and mobility barriers are also becoming Finally, the cooling-off period should not overlap with important in prepaid accounts, particularly when high the reflection period—namely, the time allowed by a finan- levels of market concentration or near-monopoly situa- cial service provider to a potential customer to consider tions exist.88 The new General Data Protection Regula- whether to sign an agreement based on the provider’s tion in the European Union includes a right to “data offer, which remains valid throughout the reflection period. portability,” in order to enable customers to receive their A cooling-off period should start only once an agreement personal data in a structured, commonly used, and between the provider and consumer has been signed. machine-readable format so they can transfer it more easily to another provider.89 C6: PROFESSIONAL COMPETENCE a. Financial service providers should be required to ensure that all relevant staff members and third parties acting on its behalf meet competency requirements, including familiarity with the products and services sold to consumers and financial consumer protection principles and rules. b. The financial service provider’s board of directors should bear ultimate responsibility for ensuring effective implementation of training and competency requirements, and there should be an established system to ensure that the board of directors is adequately informed and able to take corrective action when needed. 
Explanatory Notes

Staff members and third parties interacting either directly or indirectly with consumers can have an important impact on consumer protection, during the sales process as well as throughout the product lifecycle. This includes some positions that do not interact directly with consumers but whose work may affect the outcome for consumers, such as product design and compliance jobs. (See the discussion of product regulation in the explanatory notes to C4.) Staff members and third parties should meet minimum competency standards, including with respect to financial consumer protection, in order to ensure that they are appropriately qualified to interact with consumers. Personnel in charge of interacting directly with consumers, including those handling complaints, should be familiar with the products and services sold to consumers.

Regulatory requirements on qualifications, professional competencies, and training should not be too restrictive or detailed. They should be general, proportional, and flexible, so that they can be implemented by a range of financial service providers of different sizes and complexity, and in a range of different contexts. Competency requirements may also vary by type of position within the provider and related responsibilities, as well as by type of product. For example, complex products will require greater knowledge and experience.

Financial service providers should have an internal training and qualification policy in line with their own mapping of competencies. Staff and third parties working on behalf of the financial service provider should be held accountable for their actions that deviate from internal policies, laws, and regulations with respect to consumer protection and fair treatment of consumers.

C7: AGENTS

a. Financial service providers should be legally liable for the actions and omissions of their agents.
b. Financial service providers should be required to perform appropriate due diligence before contracting with any agent or agent network manager.
c. Financial service providers should be required to continuously monitor the performance of their agents, including adherence to regulatory requirements and internal policies and procedures.
d. The agency relationship should be governed by a formal agency agreement between the agent and the financial service provider.
e. The authority should have legal or regulatory power to assess the activities of financial service providers’ agents and agent network managers and to take appropriate action upon regulatory non-compliance by any agent or agent network manager.

Explanatory Notes

This GP encompasses all persons/entities selling or facilitating products or services on behalf of financial service providers. This includes not only agents in the strict legal sense of a particular jurisdiction, but also any representatives, introducers, referrers, and retail agents—that is, third-party establishments or individuals commercializing products or services on behalf of financial service providers in exchange for a fee. This also includes agent network managers who provide agent management services for banks and nonbanks.91

In an increasing number of countries, such as Bangladesh, Brazil, Colombia, Ghana, Guatemala, Kenya, Nigeria, Philippines, Rwanda, and Tanzania, banks and nonbanks use agents to market and distribute their products, such as loans, credit cards, and savings accounts. The solicitations and transactions take place at the agent’s or another third party’s establishment, or at places and events such as malls, busy streets, buses, taxis, and fairs. Agents are therefore useful in urban areas, given their convenient locations, and are also particularly relevant in rural areas—for example, to receive remittances sent by family members. In addition to using commercial establishments, financial service providers may also use other financial service providers as their agents, such as when a bank opens accounts to microfinance consumers using the MFI’s branches.

Such models often provide significant advancements in financial inclusion. As agents are an essential element of many digital financial service models around the world and, in some instances, are the only points of interaction between consumers and financial service providers, particularly in remote and rural areas, the importance of ensuring consumer protection when agents are being used is essential.

In line with Principle 6 of the G20 FCP Principles and the ITU-T Focus Group Digital Financial Services,92 regulation should ensure that providers are legally liable for the actions and omissions of their agents, including when agent network managers are used to select and conduct onboarding of individual agents. In general, the same standards of quality, disclosure, fairness, and other aspects of consumer protection applicable to services delivered directly by the staff of a financial service provider should apply when services are delivered by its agents. Regulation should make financial service providers legally liable for the actions and omissions of its agents, so that providers have a strong interest in assessing and monitoring their agents on a continuous basis, and in providing appropriate training to their agents. However, the regulatory framework should refrain from imposing overly burdensome requirements on agents in order to allow for the emergence of different and innovative types of agents, whose activities performed on behalf of financial service providers may vary widely.

For example, the financial service provider’s policies and procedures toward agents may establish the following:93

• Agents are adequately trained and qualified to perform the consumer-interaction functions agreed in the agency agreement.
• Agents do not charge unauthorized fees to consumers.
• Agents do not engage in activities that could harm consumers (for example, creating fake transactions to withdraw cash from a consumer’s accounts, asking for a consumer’s PIN or password).
• The financial or other incentives offered to agents do not encourage behavior that goes against the principles of product suitability and fair treatment (such as encouraging consumers to acquire a product or service that generates higher fees for the agent but is not in the consumer’s best interest).
• Disclosure requirements are complied with (posting of charges and fees at the agent establishment, disclosing different providers of bundled services).
• Internal dispute resolution mechanisms work reasonably well even if agents are utilized (see E1, “Internal Complaints Handling”).
• Agents do not misuse customer data and information, and comply with data protection rules.

In environments where there is an increasing use of agents to serve consumers, authorities should monitor whether providers are unduly shifting their contractual responsibilities toward the consumer to agents or other third parties, such as agent network managers. For instance, a bank may refrain from reimbursing a consumer in a case of fraud perpetrated by an agent managed by an agent network manager. Such practices may be based on risk-transfer or risk-sharing clauses in the contract between the financial service provider and the agent network manager. The transfer of responsibilities away from the provider should be curbed through supervision and enforcement. Any contractual clause that shifts the provider’s liability should be considered void. Another topic of interest to the authority is whether financial service providers (particularly large ones) impose exclusivity clauses on their agents in a way that limits competition and consumer choice. Finally, the authorities should ensure that agent regulations for nonbanks are either the same or very similar to those applicable to banks, as is the case in Brazil, Colombia, Ghana, and Peru, in order to ensure harmonization of consumer protection requirements.

Given the issues discussed above, supervisory authorities need to have clear power to assess and take action when necessary with regard to agents and agent network managers. This includes the power to gather data on transactions and services provided by agents, conduct inspections at agents and agent network managers, suspend certain agents from entering into new agreements with regulated financial service providers, and prohibit certain providers from contracting with new agents. For example, the ITU-T Focus Group Digital Financial Services recommends providers be required to report regularly on onboarding, trends, and sanctions of third parties working on behalf of the provider, which could allow authorities to monitor developments more closely.

C8: COMPENSATION OF STAFF AND AGENTS

a. Financial service providers should be required to have compensation policies that ensure that their staff—including senior executives—and agents are compensated in such a way as to minimize conflicts of interest.
b. Financial service providers should be required to have established policies and procedures to manage and resolve actual conflicts of interest with respect to compensation policies that arise in the interaction between their staff and agents and their customers and potential customers.
c. The financial service provider’s board of directors should be held responsible for the policies referenced in clauses C8(a) and (b) and their effective implementation.
d. To the extent possible, prior to the provision of advice or the sale of a product or service that will result in a commission to a staff member or an agent, the existence of the commission and its amount should be disclosed to the consumer.

Explanatory Notes

Increasingly, authorities are turning their attention to the financial and nonfinancial incentives for proper or improper behavior by individuals working for financial service providers, whether staff members or agents. Compensation is typically a key aspect of a financial service provider’s business practices to take into consideration.

As stated in Principle 6 of the G20 FCP Principles, remuneration structures should be designed to encourage responsible business conduct and avoid conflicts of interest. For example, it can be particularly problematic when staff members and agents are compensated solely on the basis of sales volume. Remuneration should be based, at least in part, on elements such as consumer well-being and satisfaction, loan-repayment performance, product retention, compliance with regulatory requirements/internal policies and COCs, fair treatment of consumers, satisfactory audit and compliance review results, and the results of complaint investigations. Compensation should have elements reflective of long-term performance, and not merely short-term sales targets. The objective is to ensure an effective alignment of compensation with prudent risk taking, while encouraging trustworthy, responsible, professional behavior and a corporate culture that works toward regulatory compliance and fair treatment of consumers.

The Remuneration Codes of the United Kingdom’s FCA set the standards that banks and NBFIs must meet when setting pay and bonus awards for their staff, with the justification that “inappropriate remuneration policies were widely identified as a contributory factor behind the Financial Crisis.”94 These Codes are intended to discourage inappropriate risk taking, and include: (i) deferral of bonuses over time; (ii) limitations on the proportion of bonuses that can be met by shares or the equivalent; (iii) limitations on guaranteed bonuses; (iv) requirements for policies on governance and risk taking and management; and (v) annual publication of remuneration policies. Likewise, other countries have instituted regulations setting standards for compensation.95 In China, banks’ compensation systems need to provide an appropriate mix of short- and long-term incentives, and the payout schedule should be aligned with the time horizon of risks of the relevant business. In the Netherlands, regulation requires that compensation be based on longer-term performance and should vary according to the type of activity performed by staff or agents. International standards relevant to the compensation policies of banks and NBFIs have also been issued by the FSB, and an assessment methodology of such standards has been published by the BCBS.96

Inappropriate or misaligned incentives for loan officers have been behind some of the most notable failures in the microfinance sector globally. In this industry, it is particularly critical that incentives are aligned with the interests of consumers and good portfolio risk management, due to the higher level of freedom allowed to MFI loan officers compared to the more strict separation of front- and back-office functions that is normally required of banks.97

C9: FRAUD AND MISUSE OF CUSTOMER ASSETS

a. Financial service providers should be liable to customers for losses due to fraud or misuse involving customer assets held, administered, or controlled by the provider, except in cases of consumer fraud or gross negligence.
b. Financial service providers should be required to have and implement adequate policies and procedures that aim to protect customers’ deposits and other assets against internal or external fraud or misuse.
c. Financial service providers should have and implement clear policies and procedures to resolve cases of suspected fraud or misuse regarding customers’ accounts.

Explanatory Notes

Fraud and unauthorized transactions can be extremely detrimental to consumers’ confidence in financial service providers, and especially deleterious for low-income consumers when such occurrences are not resolved promptly and effectively. In particular, fraud is becoming a major concern in countries where access to the formal financial sector by millions of new consumers, including consumers with limited prior experience with financial service or digital devices, is happening primarily through digital financial services and electronic channels more broadly and facilitated by retail agents.98

Countries are strengthening their regulation and supervision to identify potential fraudulent activities and to prevent them from occurring, such as by requiring timely reporting of confirmed or suspected instances of fraud. Regulators are also assessing the quality of financial service providers’ management of this type of operational risk, as well as whether their procedures to deal with actual cases (which need to be formalized in internal policies) are fair to consumers. The ITU-T Focus Group Digital Financial Services recommends that providers be made liable for the loss or harm due to fraud related to the digital financial services platform, staff, agents, and third-party service providers.99 However, it is important that regulation be balanced, proportional, and agnostic with respect to the technology used to increase security and safety of transactions, since improperly designed regulation could otherwise inadvertently curtail healthy innovation, competition, and market development.

Numerous reference materials are useful in this area. Relevant international standards on operational risk management include the Principles for Sound Management of Operational Risk by the BCBS.100 With regard to digital financial services, the GSM Association, Microsave, and the Alliance for Financial Inclusion have all published relevant documents cataloging and defining fraud risks, and the International Finance Corporation has a toolkit with recommendations on curbing fraud.101,101 The FCA in the United Kingdom has published a guide on financial crimes including fraud.103 There are guidance papers for MFIs looking to manage their fraud risk as well.104 See also related discussions in C7, “Agents,” and section D, “Privacy and Data Protection,” in this chapter; and C7, “Protection and Availability of Customer Funds,” C8, “Authorization, Authentication, and Data Security,” and C9, “Unauthorized and Mistaken Transactions and Liability for Loss,” in annex A, “Retail Payment Services.”

As indicated in Principle 7 of the G20 FCP Principles, financial service providers should be required to have policies, systems, and controls in place to deal effectively with cases of reported unauthorized transactions and other situations in a timely manner. These policies should include the duty to communicate with customers throughout the process of investigating their cases and reimbursing the value of the transaction both temporarily (that is, while the investigation is ongoing) and permanently (after the investigation has concluded). For example, providers ideally should reimburse a reported victim of fraud immediately, providing a value equivalent to the unauthorized transaction while further investigation is conducted, up to a certain reasonable threshold. The reimbursement should be confirmed when the investigation is over, unless it can be proven that the unauthorized transaction resulted from the consumer’s own gross negligence or fraud. The consumer must be informed of the procedures, which should not be unduly burdensome to the consumer, and the burden of proof should lie on the financial service provider.

Various types of fraud and scams abound, including those involving consumer loans. One example is of agents requesting borrowers to sign a blank loan document, which is then completed with clauses allowing agents to roll over the loan to other lenders without the consumer’s prior consent, generating new fees for the agent. Financial service providers should conduct periodic audits to test the robustness of internal controls in preventing and identifying any type of fraud. Such internal evaluations, and actual fraud cases, should be used to improve operational procedures and fraud-detection systems. Providers should also have clear policies and mechanisms in place to investigate staff suspected of involvement in fraud.

In addition, fraud and scams perpetrated by illegal providers of financial services or persons pretending to provide financial services are becoming more common as a result of the greater range of institutional types and delivery channels used by financial service providers, which makes it more difficult for consumers to differentiate legitimate providers from fraudsters. For instance, a scammer may promise a loan, usually to a person with a poor credit history and facing financial hardship, in exchange for an advance fee.105 The supervisor needs to have the power to act against illegal providers. (See A1 and A2.) A basic step should be to publicize a list of registered and licensed financial service providers, which should be accompanied by efforts to raise consumer awareness regarding the need for consumers to check whether purported providers are in fact legitimate. For example, the BNM in Malaysia has created a mobile app, BNM My Link, which consumers can download for free. It provides a direct channel of communication to all financial service providers licensed by the BNM, allowing consumers to make inquiries or complaints.

C10: DEBT COLLECTION

a. Financial service providers and any third parties acting on their behalf should be prohibited from employing abusive debt-collection practices, including the use of false statements, practices akin to or constituting harassment, or the giving of false or unauthorized credit information to third parties.
b. The type of debt that can be collected on behalf of a financial service provider, the person who can collect any such debt, and the manner in which such debt can be collected should be clearly stated in the credit agreement.
c. There should be an adequate regulatory regime governing the activity of debt collection.
d. In the event a debt collector has a statutory right to contact any third party about a borrower’s debt, the debt collector should exercise such right only provided he or she informs both the third party and the debtor
   i. Of the debt collector’s statutory right to do so; and
   ii. The type of information that the debt collector is seeking.
e. Where the sale or transfer of a debt without the borrower’s consent is permitted by law, the borrower should be
   i. Notified of any such sale or transfer within a reasonable number of days thereafter;
   ii. Informed that the borrower remains obligated on the debt;
   iii. Provided with information as to where to make payment; and
   iv. Provided with the purchaser’s or transferee’s contact information.
Explanatory Notes

Abusive practices—for example, daily phone calls, threatening or aggressive language, harassing relatives and coworkers, publicly embarrassing borrowers, knocking at borrowers’ doors, or making calls during late-night or early-morning hours—are often used by a range of financial service providers such as consumer lenders and credit card companies, particularly against low-income, elderly, and other more vulnerable consumers, and particularly when third-party debt collectors are utilized. In a number of countries, safeguards against abusive debt collection remain weak and may be coupled with weak judicial systems. There is a further risk that weak safeguards against abusive debt collection (i) strengthen the call for a more cumbersome recovery process; (ii) lead to moratoriums on collection; and (iii) earn the sympathy of courts. As a result, debt collection can become a prolonged and expensive process that increases the cost of financing in the long run, thereby harming consumers and financial inclusion.

Sound regulation on debt collection is therefore needed (which can have general application to all types of debt). The United States, for instance, has the Fair Debt Collection Practices Act.106 In Australia, the Debt Collection Guideline, jointly issued by the Australian Competition and Consumer Commission and ASIC, provides guidance on the entire collection process from the first contact with the borrower to dispute resolution. For example, it prohibits the debt collector from using abusive, offensive, obscene, or discriminatory language; embarrassing or shaming the borrower; adopting an intimidating manner; using violence or physical force against the borrower; or misleading the consumer about the extent of the debt or the consequence of nonpayment. The FCA in the United Kingdom also has rules for debt collectors.107

Providers should be required to have in internal documents and trainings clear guidelines and rules on what constitutes appropriate and inappropriate debt-collection practices. Providers should also bear liability for the actions of debt collectors acting on their behalf.

Abusive and aggressive debt collection has been an issue in many credit markets, including the microfinance sector. For instance, some MFIs traditionally followed a no-tolerance policy toward delinquency that resulted in abusive practices toward consumers. These practices led to the specific inclusion of debt collection in the Client Protection Principles of the Smart Campaign, which advocates for fair and respectful treatment of consumers in the microfinance sector.108

D: DATA PROTECTION AND PRIVACY109

D1: LAWFUL COLLECTION AND USAGE OF CUSTOMER DATA

a. Financial service providers should be allowed to collect customers’ data within the limits established by law or regulation and, where applicable, with the customer’s consent.
b. The law or regulation should establish rules for the lawful collection and use of data by financial service providers, including when consumer consent is required, and clearly establishing at a minimum
   i. How data can be lawfully collected;
   ii. How data can be lawfully retained;
   iii. The purposes for which data can be collected; and
   iv. The types of data that can be collected.
c. The law or regulation should provide the minimum period for retaining all customer records, and throughout this period, the customer should be provided ready access to such records for a reasonable cost or at no cost.
d. For data collected and retained by financial service providers, providers should be required to comply with data privacy and confidentiality requirements that limit the use of consumer data exclusively to the purposes specified at the time the data were collected or as permitted by law, or otherwise specifically agreed with the consumer.
Explanatory Notes

Financial service providers collect many different types of personal information from and regarding their customers, including contact details, consumer agreements, transaction logs, and passwords. Given the potential for misuse of such information, it is essential that data collection be regulated to avoid the risk of harm to consumers. For example, financial service providers may otherwise collect sensitive information and use it for unfit purposes that may harm consumers. Reasons for ensuring data protection and privacy include:

• The sensitivity of the personal information held and used in financial services
• The extensive information flows that take place in financial services, such as between providers and agents and between members of a corporate group that includes one or more financial service providers
• The increasing likelihood of information being received and held electronically, with a corresponding increase in the risk of remote, unauthorized access to such data
• The fact that privacy is a fundamental human right deserving of protection, as indicated in various international declarations and conventions that have been ratified by many countries110

Financial service providers should be allowed to legally collect, retain, and use personal information after obtaining lawful and informed consent from the consumer or on some other legitimate basis, including when related to the provision of the specific financial product or service the consumer acquired. International guidance is clear in establishing that “the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.”111 While the policies and practices regarding what constitutes lawful collection of data differ both across jurisdictions and among international guidance and principles, lawful and informed consent represents an underlying and cross-cutting theme. What constitutes informed consent can also pose challenges, particularly where adhesion contracts are common, or in the era of digital financial services, big data, and alternative credit scoring models.

Furthermore, following the approach of treating data privacy as a human right, Convention 108 of the Council of Europe (COE Convention) establishes that data shall undergo automatic processing only for a legitimate purpose and that certain categories of sensitive data cannot be processed automatically, unless national legislation provides appropriate safeguards.112

Financial service providers may also have incentives to store personal information for longer than necessary. Therefore, the major international instruments also recommend that limitations be placed on data retention.113 For example, the COE Convention states that data must be “preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored.”114

The lawful collection of data is strictly connected to the purpose for which data are collected, and financial service providers should be permitted to use the data only for these purposes. For example, selling data to third parties for marketing purposes without prior authorization by the consumer should be prohibited. If law or regulation is silent on this issue, there is a risk that financial service providers may collect information for certain purposes for which customers may be willing to give consent, but then use that same information for other purposes that may be detrimental to customers’ interests and for which the customer may not otherwise have given consent. Providers should also be prohibited from disclosing consumer information to third parties for unauthorized uses—that is, without the consumer’s prior consent—such as for marketing purposes.

For purposes of credit reporting, data should also be relevant to the purpose for which it was collected and of good quality. If there are no requirements on the quality of data, there is the risk that erroneous information may be collected and processed, potentially adversely affecting consumers. See annex B, “Credit Reporting Systems,” for further discussion of this topic.

The use of alternative data and big data analytics presents exciting opportunities with respect to financial inclusion but has raised new issues with respect to financial consumer protection—or, rather, the application of existing principles with respect to data protection and privacy to new types of data and data analytics, in particular related to the principles of specific use of collected data, data ownership, and informed consent. The thinking around how best to address these issues is evolving rapidly. As recommended by the ITU-T Focus Group Digital Financial Services, authorities should strive to identify any gaps in the legal and regulatory framework for data protection and privacy with respect to digital financial services. See D1 in annex A, “Retail Payment Services,” for further discussion of this topic.

D2: CONFIDENTIALITY AND SECURITY OF CUSTOMERS’ INFORMATION

a. Financial service providers should be required to have and implement policies and procedures to ensure confidentiality, security, and integrity of all data stored in their databases that relate to their customers’ personal information, accounts, deposits, deposited properties, and transactions.
b.
In order to ensure confidentiality, when establishing policies and procedures, financial service providers should also establish different levels of permissible access to customers’ data for employees, depending on the role they play within the organization and the different needs they may have to access such data.
c. In order to maintain the security of customers’ data, financial service providers should also be required to have and implement policies and procedures to ensure security related to networks and databases.
d. Financial service providers should be held legally liable for misuse of consumer data.
e. Financial service providers should be held legally liable for any breaches in data security that result in loss or other harm to the customer and should put in place clear procedures to deal with security breaches, including mechanisms to reimburse or compensate consumers.

Explanatory Notes

It is critical that the information collected by financial service providers be kept safe, unaltered, and confidential. Security should be in place to protect against unauthorized access to a consumer’s information and any threats or hazards to data security or integrity. Financial service providers should be required to have policies and procedures in place to ensure the privacy and protection of consumer data, and their boards of directors should be held responsible for the effective implementation of such policies. Financial service providers’ staff and agents should be continually and adequately trained in such policies and procedures. For example, in some developing countries with fast-growing markets for digital financial services, retail agents have been found to be given PINs or passwords by customers in order to facilitate conducting transactions, practices that pose obvious risks to data security. (See C6 in annex A, “Retail Payment Services.”)

With regard to data security, many countries, including Colombia, Mexico, and Singapore, have regulations requiring financial service providers to have adequate policies, procedures, and systems in place to ensure the security of their electronic data, including client data. Relevant topics covered include entry of data, alterations, access, deletion, secure transfers, secure archiving, and back-up systems. Although such rules should be similar for banks and NBFIs, they should be general enough to allow flexibility in implementation by smaller providers as compared to larger ones. Security mechanisms should cover both electronic and paper-based data. This GP can be regarded as outlining the minimum requirements for banks and other large financial service providers; many countries require more.115

D3: SHARING CUSTOMER INFORMATION

a. The law should provide rules for the release to and use of customer information by certain third parties such as government authorities, credit registries or credit bureaus, and collection agencies.
b. Whenever a financial service provider is legally required to share a customer’s information with a third party, the provider should be required to inform the customer in writing (including in an electronic form) in a timely manner of
   i. The third party’s precise request;
   ii. The specific information of the consumer that has been or will be provided; and
   iii. How and when that information has been or will be provided and how it will be used.
c.
Subject to the exceptions noted in clauses D3(a) and (b), above, without a consumer’s prior written consent as to the form and purpose for which their data will be shared, the law should prevent a financial service provider from selling or sharing any of a consumer’s information with any third party for any purpose, including telemarketing or direct mailing, unless such third party is acting on behalf of the provider and the information is being used for a purpose that is consistent with the purpose for which that information was originally obtained.
d. Before any such sharing for the first time, the financial service provider should be required to inform the consumer in writing of his or her data privacy rights in this respect.
e. Financial service providers should be required to allow consumers to stop or opt out of any sharing by the financial service provider of information regarding the consumers that they previously authorized (unless such sharing is mandated by law).
f. In the case of tied products, the consumer should be informed if a third party will have access to the consumer’s information.
g. Unless it is a credit bureau or a credit registry, the third party should be prohibited from disclosing the shared information regarding a consumer.

Explanatory Notes

Financial service providers may share customer data with a range of third parties as required by law or for business purposes, including credit registries; a range of government authorities, such as financial sector supervisors, tax authorities, courts, and financial intelligence units; collection agencies; affiliated entities; and marketing companies. The legal and regulatory framework for data privacy applicable to financial service providers should strike a balance between protecting privacy of individual consumers with the need to share such data for outsourcing arrangements and services that require a minimum of data sharing between several parties participating in service delivery, including domestic and cross-border data sharing.

Increasingly, financial services, particularly when targeting low-income consumers, involve a range of entities that may be inside or outside the corporate group of the financial service provider directly responsible for the service. In many instances, several actors will need to access consumer information—for instance, to produce a credit scoring model, design customized communications with a particular consumer, or conduct other types of data analytics. For example, the increasing use of open application programming interfaces (APIs) has the potential to expand the availability of targeted financial products and services offered to consumers by third parties. As the types of entities in the financial services value chain grow, and the types of consumer information sources expand, it becomes more challenging and complicated to regulate consumer data protection and privacy effectively while balancing potential benefits to financial inclusion. In Mexico, the law protects personal data from third-party sharing, but this has not prevented financial regulators from allowing agency arrangements in which regulated providers hire mobile network operators to manage low-value customer accounts, provided that minimum privacy and security mechanisms are put in place. Considering the increasing adoption of partnerships and outsourcing arrangements in digital financial services, it is important that the regulation keeps financial services providers liable for protecting client data regardless of the number and types of third parties involved in the design, sale, and delivery of services.

Consumer waivers on privacy rights should be designed so that they do not take advantage of consumer behavioral biases, effectively give consumers the choice to share or not share their data, and ensure that consumers understand the consequences of their action. The staff or agent of the financial service provider should explain such a waiver orally to the consumer whenever possible as required by the consumer. For example, electronic consumer agreements may come with a waiver marked by default that allows the sharing of consumer data with third parties for marketing purposes. Unless the consumer rejects the default waiver, the information will be shared. This type of practice should not be allowed; rather, active consent by the consumer should be required to be obtained. Waivers should also be for specific and limited purposes.

In the event that consumer data need to be shared with government authorities such as the police, prosecutors, tax authorities, or financial sector regulators, specific rules and procedures should be laid out in the law or regulation, including:

• Rules on what the government authority may and may not do with such records
• The exceptions, if any, that apply to these rules and procedures, such as for national security
• The penalties for the financial service provider and any government authority for any breach of these rules and procedures

E: DISPUTE RESOLUTION MECHANISMS

E1: INTERNAL COMPLAINTS HANDLING

a. Every financial service provider should be required to have an adequate structure in place as well as written policies regarding their complaints handling procedures and systems—that is, a complaints handling function or unit, with a designated member of senior management responsible for this area, to resolve complaints registered by consumers against the provider effectively, promptly, and justly.
b. Financial service providers should be required to comply with minimum standards with respect to their complaints handling function and procedures. These include the following:
   i. Resolve a complaint within a maximum number of days, which should not be longer than the maximum period applicable to a third-party external dispute resolution mechanism. (See E2.)
   ii. Make available a range of channels—telephone, fax, email, web—for submitting consumer complaints appropriate to the type of consumers served and their physical location, including offering a toll-free telephone number to the extent possible, depending on the size and complexity of the financial service provider’s operations.
   iii. Widely publicize clear information on how a consumer may submit a complaint and the channels made available for that purpose, including on providers’ websites, marketing and sales materials, KFSs, standard agreements, and locations where their products and services are sold, such as branches, agents, and alternative distribution channels. (See B1, “Format and Manner of Disclosure.”)
   iv. Publicize and inform consumers throughout the complaints handling process, and particularly in the final response to the consumer, regarding the availability of any existing ADR schemes. (See E2.)
   v. Adequately train staff and agents who handle consumer complaints.
   vi. Keep the complaints handling function independent from business units such as marketing, sales, and product design, to ensure fair and unbiased handling of the complaints, to the extent possible, depending on the size and complexity of the provider.
   vii. Within a short period following the date the provider receives a complaint, acknowledge receipt of the complaint in a durable medium—that is, in writing or in another form or manner that the consumer can store—and inform the consumer about the maximum period within which the provider will give a final response and by what means.
   viii. Within the maximum number of days, inform the consumer in a durable medium of the provider’s decision with respect to the complaint and, where applicable, explain the terms of any settlement being offered to the consumer.
   ix. Keep written records of all complaints, while not requiring that the complaint itself be submitted in writing—that is, allow for oral submission.
c. Financial service providers should be required to maintain and make available to the supervisory authority up-to-date and detailed records of all individual complaints.
d. The financial service provider’s complaints handling and database system should allow the provider to report complaints statistics to the supervisory authority.
e. Financial service providers should be encouraged to use analysis of complaints information to continuously improve their policies, procedures, and products.

Explanatory Notes

Financial service providers should be required to have written policies and effective mechanisms and systems for the proper handling and resolution of consumer complaints. The provider should have someone responsible for the operations of the complaints handling function, but the ultimate responsibility for effective implementation of complaints handling policies should fall on its board of directors. Financial service providers, particularly those serving low-income or remotely located consumers, should offer adequate channels (including with respect to working hours) for consumers to register their complaints without undue access and transportation costs or waiting times. Specially tailored channels may also be needed for illiterate consumers, consumers who speak only local dialects, and the speech- or hearing-impaired.

While it is common for providers of digital financial services such as digital credit to operate within the organizational structure of a parent company, such as a mobile network operator, they should be required to assign dedicated and specialized staff and procedures (such as scripts) to handle complaints regarding financial services. The provider should also be able to prioritize phone calls of the two companies separately—that is, digital credit consumers should not be placed on the same waiting list as mobile phone consumers—such as by having a dedicated hotline.116

As providers increasingly leverage alternative distribution channels for product and service delivery, the role of such channels in internal complaints handling should be considered. For example, when financial service providers serve consumers primarily through agents that are closer in physical proximity to the consumer, agents should be properly trained to receive and resolve simple complaints or to forward the complaint to the financial service providers’ complaints handling unit.

With respect to MFIs, microfinance customers may interact exclusively with a loan officer or agent who collects loan payments and insurance premiums. Since the loan officer is also a salesperson who therefore has influence over the borrower’s ability to obtain future loans, consumers may be reluctant to present complaints to the loan officer or agent. Therefore, providers should ideally offer other channels for complaints, such as via phone, text message, email, website complaint forms, or via staff in branch offices, so that consumers can register complaints, including against agents, branch employees, and loan officers.

As noted in Principle 9 of the G20 FCP Principles, there should be minimum regulatory requirements regarding the internal procedures for handling complaints and the dissemination of related information, and the requirements should be similar across regulated entities offering similar services, such as banks and nonbanks. However, the requirements should be flexible enough or not too burdensome, so smaller providers with less complex operations can also comply with them without incurring disproportionate costs. An example is the requirement for the complaints handling function to be independent—that is, not linked to the business units. This may not be possible in small providers due to limited resources. In such cases, the provider should ensure that complaints are still handled properly, such as through impartial analysis of the case, which in turn requires clear policies and procedures and adequate board support.

The responsibility for resolving complaints in the first instance should rest with the financial service provider. (See A3.) To encourage consumers to place trust in and seek the provider’s internal dispute resolution mechanism first, instead of external channels such as the authority, certain measures may need to be utilized. For example, where feasible, the various agencies receiving consumer complaints could coordinate to create a hierarchical process in which complaints that have not been presented to the financial service provider first cannot be accepted by external channels. For example, the financial supervisor and the consumer protection agency in Peru have coordinated with financial service providers to use a common case file number that is generated by the provider when a customer files a complaint. This number then needs to be presented to the external channel should the customer be unsatisfied with the solution offered by the provider’s complaints handling process. Alternatively, if the authority and/or other third parties receive complaints in the first instance, there should be a mechanism through which these complaints are forwarded to financial service providers’ complaints handling function.

Providers’ complaints handling function should be required to maintain up-to-date records of all complaints, with full information on each complaint, including a record/reference number of the case, the contact details of the complainant, a description of the complaint, its classification within an internal classification system, the investigations carried out by the provider’s business units, the communications with the customer, the action taken by the financial service provider, the response to the consumer, copies of other relevant correspondence or records, and whether resolution was achieved and, if so, on what basis. Most providers should be able to acquire a complaints handling and database system, but regulation should be flexible enough to accommodate smaller providers. The information extracted from complaints statistics can, and should be encouraged to, be fed into internal processes to improve the provider’s products, services, practices, and documentation, as part of the provider’s broader efforts to treat customers fairly.

E2: OUT-OF-COURT FORMAL DISPUTE RESOLUTION MECHANISMS

a. If consumers are unsatisfied with the decision resulting from the internal complaints handling at the financial service provider, they should be given the right to appeal, within a reasonable timeframe (for example, 90–180 days), to an out-of-court ADR mechanism that
   i. Has powers to issue decisions on each case that are binding on the financial service provider (but not binding on the consumer);
   ii. Is independent of both parties and discharges its functions impartially;
   iii. Is staffed by professionals trained in the subject(s) they deal with;
   iv. Has an adequate oversight structure that ensures efficient operations;
   v. Is financed adequately and on a sustainable basis;
   vi. Is free of charge to the consumer; and
   vii. Is accessible to consumers.
b. The existence of the ADR mechanism, its contact details, and basic information relating to its procedures should be made known to consumers through a wide range of means, including when a complaint is finalized at the provider level.
c. If the ADR mechanism has a member-based structure, all financial service providers should be required to be members.

Explanatory Notes

Having out-of-court ADR mechanisms for consumers to seek redress when they are not satisfied with the result of financial service providers’ internal complaints handling is very important, as clearly stated in Principle 9 of the G20 FCP Principles. This is particularly the case in the many countries where the judicial system does not work properly for retail consumers, due to being too burdensome, expensive, unreliable, intimidating, or not timely. ADR mechanisms should be in place and follow clear minimum standards as provided by law or regulation, including those listed above. Such ADR mechanisms should also be monitored—for example, by an independent body such as a board of directors that is accountable to a regulatory or other governmental authority.

When establishing an ADR mechanism for resolving consumers’ disputes with financial service providers, policy makers should consider a range of possible models. For instance, ADR mechanisms can be established by industry associations or consumer associations, or be a government agency created by law. In many jurisdictions, industry schemes are created under a general legal framework that establishes minimum standards, such as in Australia and Belgium. Industry schemes can play an important role particularly in NBFI sectors that are unregulated or where regulation and supervision is minimal. There are examples of microfinance SROs or industry associations creating their own industry schemes with support from organizations like the SMART Campaign (for example, MFIN and Sa-Dhan in India, ALAFIA in Benin,117 AMFIU in Uganda118).

As an ADR mechanism becomes more fully operational, formalized, and trusted in a given jurisdiction, it is important that the decisions of the ADR mechanism become binding on financial service providers. Allowing providers to appeal decisions would defeat the purpose of having ADR schemes, as financial service providers could bring consumers through costly and lengthy processes in the court system, where consumers will be highly disadvantaged.

There are also different options for ADR processes and dispute resolution methods. The ADR process may be designed as adversarial, where a final decision depends on the disputing parties’ deposition,119 or inquisitorial, where the decision maker plays a more active role in investigating the facts of the case.120 Similarly, the process may follow either a facilitative approach, employing conciliation, or an evaluative approach, via arbitration.

The principle of independence is particularly important to ensure that consumers and financial services providers have confidence in ADR mechanisms. The International Network of Financial Services Ombudsman Schemes’ Effective Approaches to Fundamental Principles states not only that ADR mechanisms need to be independent, but also that the decision-making process should be impartial. While different ADR mechanisms have different governance structures, independence is generally guaranteed by the fact that the public sector (via the regulatory authority or Ministry of Finance), the industry, and consumers are equally represented in the governing body of the relevant ADR mechanism. This should be the case for both statutory schemes, as in Senegal, South Africa, and the United Kingdom, and industry-based schemes, as in Australia, Belgium, and Botswana. Beyond the principles of independence, the EU Directive on ADR for Consumer Disputes (2013/11/EU) contains a useful set of standards applicable to ADR bodies in all sectors. The Effective Approaches to Fundamental Principles illustrates approaches that have worked in financial ADR mechanisms around the world, including in developing economies such as Armenia, Botswana, and South Africa, to deliver the principles of independence (to ensure impartiality), clarity of scope and powers, accessibility, effectiveness, fairness, transparency, and accountability.

There are also multiple options for funding ADR mechanisms. Funding may be provided from public sources, private sources, or a combination of the two. In the case of public funding, funds may be allocated by the central government—that is, out of taxation, as in Lithuania—or from the budget of a specific government authority, such as the central bank or other financial regulators—that is, out of their budgets, as in Spain and Poland. In the case of private funding, an ADR scheme may be funded by an industry association, its members, or the members of the ADR scheme itself, as in Armenia, Australia, Canada, the Channel Islands, Finland, France, Germany, Ireland, the Netherlands, New Zealand, Slovakia, Trinidad and Tobago, and the United Kingdom. However, funding should not come from the fees of consumers. Beyond trivial and minimal fees, which in rare instances are charged to consumers, it is important that consumers are not charged a fee to use the ADR mechanism, as one of the fundamental objectives of ADR mechanisms is that they should be accessible to low-income consumers.

Whatever funding arrangement is chosen, it should be sufficient to ensure that the ADR mechanism can meet its goals and efficiently and effectively exercise its mandate. In practice, this means that it is essential that the ADR mechanism has the offices, physical inventory (such as office furniture, computers, and a file registry), and the information and communications technology that it requires to be successful. The ADR mechanism should also have sufficient resources to be able to select, employ, and retain experienced and independent staff and to provide them with ongoing training. The ADR mechanism will also need to develop strategies to ensure accessibility to consumers, such as by providing for online dispute resolution, multiple channels to file complaints, and multiple languages for communications.

The option to appeal to an ADR mechanism should be clearly communicated to consumers during the first instance, when consumers are dealing with the complaints handling function at the provider level, so that they are aware that they do not need to accept any offer from a provider that is considered unsatisfactory out of ignorance of the availability of the ADR mechanism’s services.

Arbitration mechanisms may also be in place that could be used by consumers. However, the compulsory use of arbitration should ideally be prohibited. Consumers should not be obliged to use such mechanisms and forgo their right to go to court. The CFPB in the United States recently issued a comprehensive study that found that arbitration clauses in consumer agreements limit consumer redress choices, as most consumers do not seek to go to arbitration or court.121 The study also found that consumers did not realize that arbitration clauses limited their right to go to court.
F: GUARANTEE SCHEMES AND INSOLVENCY

F1: DEPOSITOR PROTECTION

a. The law should ensure that the financial safety net—that is, a deposit insurance system, if existing, the regulator or supervisor, and the resolution authority, if existing—can take necessary measures to protect depositors when a deposit-taking financial service provider is unable to meet its obligations, including the return of deposits.
b. If there is a law on deposit insurance, it should clearly state
   i. the mandate and powers of the deposit insurer(s);
   ii. the scope of depositors who are insured (for example, natural persons, legal persons);
   iii. the types of financial instruments that are insured;
   iv. the deposit insurance coverage level limits;
   v. the mandatory membership of all deposit-taking financial service providers;122
   vi. the creation of an ex ante financed fund for payout purposes;
   vii. the contributing institutions to this fund and clear back-up financing arrangements;
   viii. the events that will trigger a payout from this fund to insured depositors; and
   ix. the mechanisms and the timeframe to ensure timely payout to insured depositors.
c. Directly and through insured institutions, the deposit insurer(s) should promote public awareness of the deposit insurance system on an ongoing basis.
d. The public should be informed of the scope of depositors and types of financial instruments that are insured (and those that are not), the institutions that are members of the deposit insurer(s) and how they can be identified, the coverage level, the mandate of the deposit insurer(s), the reimbursement process, and the benefits and limitations of the deposit insurance system.
e. In the event of a failure of a member institution, the deposit insurer(s) must notify depositors where, how, and when insured depositors will be provided with access to their funds.
f.
The deposit insurer(s) should work closely with member institutions and other safety-net participants to ensure consistency and accuracy in the information provided to depositors and consumers and to maximize public awareness on an ongoing basis. Law or regulation should require member institutions to provide information about deposit insurance in a format and language prescribed by the deposit insurer(s).
g. The deposit insurer(s) should have in place a comprehensive communication program and conduct a regular evaluation of the effectiveness of its public awareness program or activities.

Explanatory Notes

Policy makers have choices regarding how to protect depositors and contribute to financial system stability. Explicit, limited-coverage deposit insurance (a deposit insurance system), which is prefunded by member institutions, has become the preferred choice compared to reliance on implicit protection. A deposit insurance system clarifies the authority’s obligations to depositors, contributes to financial stability, can promote public confidence, helps to contain the costs of resolving failed institutions, and can, depending on its design, provide an orderly process for dealing with the failures of deposit-taking financial institutions.

The introduction or the reform of a deposit insurance system can be more successful when a country’s financial system is healthy and its institutional environment is sound. In order to be credible, a deposit insurance system needs to be part of a well-constructed financial system safety net, properly designed, and well implemented. It also needs to be supported by strong prudential regulation and supervision, the enforcement of effective laws, including a special bank resolution framework, and sound accounting and disclosure regimes.

To be effective, the deposit insurance system needs a clearly defined mandate and the powers necessary to fulfill its roles and responsibilities, such as assessing and collecting premiums as well as using a range of tools to reimburse depositors. A deposit insurance system should be able to reimburse depositors’ insured funds promptly, which means within seven working days. If the deposit insurer(s) cannot currently meet this target, a credible plan to do so should be in place. A high level of public awareness about deposit insurance, its benefits, and its limitations is essential to protect depositors and contribute to financial stability. The deposit insurer(s) should be responsible for promoting public awareness of the deposit insurance system on an ongoing basis and as part of a comprehensive communication program.

A deposit insurance system should be able to deal with a limited number of simultaneous failures of deposit-taking financial institutions, but the resolution of a systemic banking crisis requires that all financial system safety-net participants work together effectively. Funding for the deposit insurance system should be provided on an ex ante basis, before any failure of a deposit-taking financial institution, and the responsibility of funding the deposit insurance system should be primarily with its member institutions. Emergency funding arrangements such as prearranged and assured sources of liquidity funding should be set out explicitly in law or regulation.

Deposit insurers should make efforts to stay abreast of technological innovations occurring in their jurisdictions, particularly those regarding digital stored-value products. Considering the multitude of new types of deposit or deposit-like products managed by nonbank providers, or new types of accounts managed by banks that are classified differently from traditional deposit accounts, it is important to ensure that consumers are made aware of the coverage (or lack thereof) and the terms of deposit insurance or other protection. Where customers are able to transfer their uninsured values promptly to insured accounts, they should also be clearly informed about the differences between both products.123 See also C7, “Protection and Availability of Customer Funds” in Annex A, “Retail Payment Services.”

Policy makers should consider different approaches to deposit insurance treatment of such products, including (i) an exclusion approach, whereby such products are explicitly excluded from deposit insurance coverage, although other measures to protect customers’ stored value may be adopted; (ii) a direct approach, whereby such products are directly insured by a deposit insurer and their providers must become members of the deposit insurance system; or (iii) a pass-through approach, whereby deposit insurance coverage passes through a custodial account at an institution that is a deposit insurance member and holds funds from digital stored-value products to the benefit of each individual customer of the provider of the products, although this provider is not a deposit insurance member.124

The Core Principles for Effective Deposit Insurance Systems issued by the International Association of Deposit Insurers in November 2014, the EU Directive on Deposit Guarantee Schemes 2014/49/EU, and the FSB Thematic Review on Deposit Insurance Systems provide guidance for this GP.125

F2: BANKRUPTCY OF INDIVIDUALS

a. A financial service provider should inform its individual customers in a timely manner and in writing on what basis the provider will seek to render a customer bankrupt, the steps it will take in this respect, and the consequences of any individual’s bankruptcy.
b. Every individual customer should be given adequate notice and information by the financial service provider to enable the customer to avoid bankruptcy.
c.
Either directly or through industry associations, financial service providers should be encouraged to make counseling services available to customers who are bankrupt or likely to become bankrupt. d. The law should enable individuals to Declare their intention to present a debtor’s petition for a declaration of bankruptcy; i. Propose a debt agreement; ii. Propose a personal bankruptcy agreement; iii. Enter into voluntary bankruptcy; iv. Exclude certain assets from the bankruptcy process if they are required to provide for the basic v. needs of the individual; Be discharged from bankruptcy and its associated debts (subject to reasonable exclusions) after a vi. reasonable period of time; and vii. Protect the individual from unreasonable or criminal sanctions (absent fraud) for declaring bankruptcy. Deposit and Credit Products and Services   55 e. Any institution acting as the bankruptcy office or trustee responsible for the administration and regulation of the personal bankruptcy system should provide adequate information to consumers on their options to deal with their own debt and rehabilitation process in the event of bankruptcy. Explanatory Notes who are likely to become bankrupt, consumers may be Bankruptcy carries serious implications for an individual able to avoid bankruptcy or at least manage the process and can have a significant negative impact on a person’s better. For example, in Portugal, the legal framework social and economic standing. In many countries, being establishes specific requirements to deal with pre-arrears declared bankrupt also entails travel restrictions and a and arrears situations, including requiring that providers prohibition on being named to official positions and par- develop a pre-arrears action plan in order to track pre-ar- ticipating in certain economic activities. rears indicators and assist customers in dealing with diffi- In some countries, customers of financial service pro- culties in repayment. 
In many countries, debtors either are viders who default on their loans have little knowledge of unable to shield assets needed for their basic needs from the likelihood of being declared bankrupt and its conse- bankruptcy or are unable to be discharged of their debts, quences to their lives. In general, it is good practice to leaving them indebted in perpetuity. The law also ought have personal bankruptcy laws/regimes in places. In many to provide for a rehabilitation process for bankrupt per- countries, the process lacks transparency; consumers may sons, if possible.126 not even know that they have been declared bankrupt The World Bank’s Report on the Treatment of Insol- until their subsequent application for a credit has been vency of Natural Persons and Best Practices in the Insol- turned down. By making counseling available to those vency of Natural Persons provide guidance for this GP.127 F3: INSOLVENCY OF FINANCIAL INSTITUTIONS a. Depositors should enjoy higher priority than other unsecured creditors in the liquidation process of a financial service provider. b. The law dealing with the insolvency of financial service providers should provide for expeditious, cost-effective, and equitable provisions to enable the maximum timely refund of deposits to depositors. Explanatory Notes The BIS Supervisory Guidance on Dealing with Weak Banks, the EU Directive on Deposit Guarantee Schemes (1994/19/EC), and the key conclusions of the Asia- Pacific Economic Cooperation Policy Dialogue on Deposit Insurance in 2005 provide guidance and back- ground for this GP. 56   Good Practices for Financial Consumer Protection NOTES 1.  See “FinTech Credit: Market Structure, Business Models 6. 
The meaning of the term license varies widely across and Financial Stability Implications,” a report prepared by a countries, but it is used in this chapter to refer to working group established by the Committee on the permission to operate given by a financial sector authority Global Financial System and the Financial Stability Board based on the evaluation of an application presented by the (FSB, 2017). See also “The Proliferation of Digital Credit financial service provider. Without a license, the financial Deployments” (CGAP, 2016), http://www.cgap.org/ service provider cannot operate. The provider also cannot publications/proliferation-digital-credit-deployments. cease operations without prior approval by the authority. 2. See, for example, Best Practices and Recommendations for Licensed providers are included in a register maintained Financial Consumer Protection (Association of Supervisors by the authority. of Banks of the Americas, 2012), 17, available at http:// 7. The meaning of the term registration also varies across www.asbasupervision.com/en/bibl/publications-of-asba/ countries. The term is used in this chapter to refer to the working-groups/303-if17/file. notification (which may be required by law or regulation) 3. Some countries may use such a specialized law to create a by a financial service provider to a financial sector authority regulatory agency dedicated to financial consumer informing the authority that the provider is operating. protection (for example, Canada, Mexico, South Africa, The information to be provided, and whether registration and the United States) or to clarify or expand powers of an entails any type of regular reporting, varies across existing financial authority that also has other mandates, countries. 
Providers that are only registered (as opposed such as prudential supervision (for example, Belgium, to licensed) can usually cease operations without prior Colombia, Netherlands, Peru, South Africa, and the United approval of the authority, though they may be required Kingdom). Note that South Africa is mentioned as having to notify the authority within a specified timeframe. a dedicated agency for financial consumer protection, 8. In fact, many central banks require some type of registra- although the agency, the National Credit Regulator, tion and collect data at least from large nonbank credit covers only retail credit markets. South Africa is currently providers as part of their macro-prudential oversight undergoing a major institutional reform to implement a (shadow banking monitoring) or for other reasons. “twin peaks” approach to financial sector supervision, Registration is also common in the retail payments industry under which the prudential supervisor will be separate and for agents of regulated financial institutions, such as from the market conduct supervisor. A dedicated financial insurance, investment, and pension agents. conduct authority will be created and become responsible 9. See, for instance, requirements for financial service for market conduct in relation to most financial products, providers seeking a license to operate from the Australian except credit, which will remain under the National Credit Securities and Investment Commission, available at http:// Regulator. For details, see Twin Peaks in South Africa: download.asic.gov.au/media/3278613/rg2-published-1- Response and Explanatory Document Accompanying the july-2015.pdf. Second Draft of the Financial Sector Regulation Bill 10. 
See the BCBS’s discussion on a graduated approach to (National Treasury of the Republic of South Africa, 2014), licensing to accommodate market developments, in available at http://www.treasury.gov.za/public% “Guidance on the Application of the Core Principles for 20comments/FSR2014/2014%2012%2012%20 Effective Banking Supervision to the Regulation and Response%20document.pdf. Supervision of Institutions Relevant to Financial Inclusion” 4. G20 High-Level Principles on Financial Consumer (BCBS, 2016), 9–10. Protection (OECD, 2011). 11. In this context, regulatory arbitrage would be a situation 5. In Canada, the Financial Consumer Agency of Canada where NBFIs keep their operations just under the threshold covers federally regulated financial institutions. Other that would require them to be supervised. providers may or may not be covered by provincial laws 12. Such as the “Model Law for Financial Consumer Protec- and supervisors, including insurance supervisors. See tion” (Microfinance CEO Working Group, 2015), based on “Our Mandate” (Financial Consumer Agency of Canada) the Smart Campaign’s Client Protection Principles, which available at http://www.fcac-acfc.gc.ca/Eng/about/Pages/ were developed for the microfinance sector. OurManda-Notreman.aspx. In Colombia, the Financial 13. One approach is the so-called twin peaks model, where one Consumer Protection Regime (which comprises Title I of authority deals with prudential regulation and supervision Law 1328 of 2009) covers institutions regulated and pertaining to banks (and possibly other financial institutions) supervised by the Financial Superintendence. 
In Mexico, and a separate authority is responsible for the regulation the Financial Consumer Protection Law covers any entity and supervision of the business conduct of banks (and providing financial services if it is required to obtain possibly other financial institutions and even nonfinancial authorization to operate from the Ministry of Finance or firms providing certain financial products and services). This any other financial regulatory authority. In Peru, the model—with variations regarding the mandate and remit of Financial Consumer Protection Law covers institutions that the market conduct authority—is employed by Australia, are regulated and supervised by the Superintendence of Belgium, France, the Netherlands, and the United Kingdom Banks, Insurance and Pension Funds. In Mexico, the and is anticipated in South Africa. Financial Consumer Protection Law covers providers of financial services that are required to obtain authorization 14. “Financial Services and Markets Act 2000: Memorandum to operate from the Ministry of Finance or any financial of Understanding between the Financial Conduct Authority regulatory authority. and the Bank of England, including the Prudential Regulation Authority” (March 2015), available at http://www.fca.org.uk/your-fca/documents/mou/ mou-between-the-fca-and-the-pracoordination. Deposit and Credit Products and Services   57 15. http://www.apra.gov.au/AboutAPRA/Documents/ASIC- financial service provider, to ensure quality regulatory MoU.pdf. reporting to the supervisory authority. 16. Australian Competition and Consumer Commission, 30. See Denise Dias, Implementing Consumer Protection in https://www.accc.gov.au. Emerging Markets and Developing Economies: A Technical 17. Administrative Council for Economic Defense, http://www. Guide for Bank Supervisors (Washington, DC: CGAP, 2013). cade.gov.br. Available online at http://www.cgap.org/publications/ implementing-consumer-protection. 18. 
Competition Superintendence of El Salvador, http://www. sc.gob.sv/home. 31. Mystery shopping involves sending individuals posing as normal consumers to provider outlets to simulate a typical 19. Competition Commission of Singapore, https://www.ccs. consumer/provider interaction to assess the behavior of gov.sg. provider staff. See Rafe Mazer, Xavier Gine, and Cristina 20. One of the recommendations of the Consumer Experience Martinez, Mystery Shopping for Financial Services: What and Protection Working Group of the ITU-T Focus Group Do Providers Tell, and Not Tell, Customers about Financial Digital Financial Services is for regulators to work in collabo- Products? (Washington, DC: CGAP, 2015). Available online ration to harmonize coverage of different providers of at http://www.cgap.org/sites/default/files/Technical- digital financial services. This is in line with the G20 Guide-Mystery-Shopping-for-Financial services-Oct- High-Level Principles for Financial Consumer Protection, 2015.pdf. which also calls for cooperation between regulators of the 32. http://www.hkma.gov.hk/eng/key-information/press- financial and nonfinancial sectors. See ITU-T Focus Group releases/2011/20110524-4.shtml. Digital Financial Services, Consumer Experience and Protection (ITU, 2017). 33. In order to deal with a significant increase in the number of regulated entities, the FCA recently reformed its 21. See, generally, “International Consumer Organisations,” previous tiered approach to conduct supervision. As of http://ec.europa.eu/consumers/eu_consumer_policy/ February 2016, regulated entities are divided into two consumer_consultative_group/international_consumer_ groups: “fixed portfolio firms,” which have dedicated organisations/index_en.htm. supervisory teams, and “variable portfolio firms,” which 22. See, for example, the European Commission’s Financial do not have supervisory teams assigned to them. 
Entities Services User Group, http://ec.europa.eu/finance/ in the variable portfolio are subject only to reactive—that finservices-retail/users/index_en.htm. is, event-driven—supervision and thematic, cross-sector 23. This is specifically advocated by the ITU-T Focus Group analyses. Digital Financial Services in Consumer Experience and 34. The United Kingdom’s FCA approach to enforcement is Protection (ITU, 2017). described in two documents: Decision Procedure and 24. See also Jeanne M. Hogarth and Ellen A. Merry, “Designing Penalties Manual and The Enforcement Guide (FCA 2016). Disclosures to Inform Consumer Financial Decisionmaking: Both are available online at http://www.fca.org.uk/firms/ Lessons Learned from Consumer Testing,” Federal Reserve being-regulated/enforcement/how-we-enforce-the-law. Bulletin 97, no. 3 (August 2011). http://www.federalreserve. The approach adopted by the Central Bank of Ireland is gov/pubs/bulletin/2011/pdf/designingdisclosures2011.pdf. found online at http://www.centralbank.ie/regulation/ 25. See, for example, FCA, “FCA Publishes Occasional Papers processes/EnfI/Pages/Introduction.aspx. ASIC’s approach on Behavioural Economics Exploring How People Make is found online at http://asic.gov.au/about-asic/asic- Financial Decisions,” press release, April 10, 2013, http:// investigations-and-enforcement/asic-s-approach-to- www.fca.org.uk/news/fca-publishes-occasional-pa- enforcement/. pers-on-behavioural-economics. 35. See “Code of Banking Practice,” issued by the Hong 26. ITU-T Focus Group Digital Financial Services, Consumer Kong Association of Banks and the DTC Association and Experience and Protection (ITU, 2017). endorsed by the Hong Kong Monetary Authority (DTC 27. “Treating customers fairly” is a regulatory and supervisory Association, February 2015), at http://www.hkma.gov.hk/ approach that aims to raise the standards in the way media/eng/doc/code_eng.pdf. providers carry out their business centered around fair 36. 
See “Banking Code for Consumer Protection,” prepared outcomes for consumers, which are by the Bankers Association of the Philippines in conjunction then used as the basis around which providers design with four other relevant associations and the Chamber of operations that lead to such outcomes. Thrift Banks (January 2011). 28. The ITU-T Focus Group Digital Financial Services gives 37. See “The Code of Banking Practice” in effect as of January specific recommendations for supervision of digital financial 1, 2012 (Banking Association of South Africa). services with respect to consumer protection and 38. Best Practices and Recommendations for Financial experience, such as taking a harmonized approach to Consumer Protection (Association of Supervisors of Banks agents of banks and NBFIs. See Consumer Experience and of the Americas, 2012), 17. https://wbg.app.box.com/ Protection (ITU, 2017). files#/files/0/f/2420840753/1/f_20723074807?&_suid= 29. The weaknesses in banks’ risk data aggregation and 1428332743974018286119713275228. reporting were largely revealed in the wake of the recent 39. Not only is the Single Banking Circular a compilation of global financial crisis, as pointed out in Basel Committee regulations, it can also be used as a substitute text, as it on Bank Supervision, “Principles for Effective Risk Data abrogates what is not relevant, reorders, and reclassifies Aggregation and Risk Reporting” (BCBS, 2013), available the content from different regulations. at http://www.bis.org/publ/bcbs239.pdf. Although the 40. See compilation of consumer credit policy and regulations principles are designed for internationally active banks, some complied by the United Kingdom’s FCA at www.fca.org.uk/ of them could be useful for any type and size of regulated firms/firm-types/consumer-credit. 58   Good Practices for Financial Consumer Protection 41. http://asic.gov.au/online-services/search-asics-registers/. 65. See, for example, Rafe Mazer, Katharine McKee, and 42. 
https://www.bportugal.pt/en-US/Supervisao/Pages/ Alexandra Fiorillo, “Applying Behavioral Insights in Instituicoesautorizadas.aspx. Consumer Protection Policy,” Focus Note 95 (CGAP, June 2014). See also, generally, Marianne Bertrand, Sendhil 43. http://www.ncr.org.za/register_of_registrants/registered_ Mullainathan, and Eldar Shafir, “A Behavioral Economics cp.php. View of Poverty,” American Economic Review 94, no. 1 44. http://clientebancario.bportugal.pt/pt-PT/Publicacoes/RAI/ (2004), 419–423, and Saugato Datta and Sendhil Paginas/RAI.aspx. Mullainathan, “Behavioral Design: A New Approach to 45. See http://www.consumerfinance.gov/complaintdatabase/. Development Policy,” Policy Paper 016 (Washington, DC: 46. See http://www.bcb.gov.br/?ranking (in Portuguese). Center for Global Development, 2012). See further Michael 47. http://www.centralbank.ie/regulation/processes/EnfI/ Barr, Sendhil Mullainathan, and Eldar Shafir, “Behaviorally Pages/Introduction.aspx. Informed Financial Services Regulation,” Asset Building Program Policy Paper (New America Foundation, 2008), 48. http://www.mas.gov.sg/news%20and%20publications/ and Daryl Collins, Nicola Jentzsch, and Rafael Mazer, enforcement%20actions.aspx. “Incorporating Consumer Research into Consumer 49. http://www.fca.org.uk/firms/being-regulated/enforcement/ Protection Policy Making,” Focus Note 74 (CGAP, outcomes-notices. November 2011). 50. http://www.consumerfinance.gov/newsroom/consumer- 66. See Notice 10/2008, Banco de Portugal. financial-protection-bureau-takes-action-against-payday- 67. The CFPB developed the rules over a two-year period that lender-for-robo-signing/. included external consultations and consumer research. As 51. http://www.afm.nl/en/consumer.aspx. the new rules also had a significant impact on providers 52. http://www.sbs.gob.pe/usuarios. who needed to adapt their systems and retrain their staff, 53. http://mymoneybox.mfsa.com.mt/. the rules were programed to be effective two years after 54. 
http://clientebancario.bportugal.pt/pt-PT/Paginas/inicio. their issuance. See analysis in “CFPB Mortgage Disclosure aspx. Rules: An Analysis of the Consumer Financial Protection Bureau’s ‘Know Before Your Owe’ Disclosure Forms” (PwC, 55. https://www.abcfinance.am/finhelper/. 2014), available at www.pwc.com/consumerfinance. See 56. G20/OECD Task Force on Financial Consumer Protection, also “Final Rule on Simplified and Improved Mortgage “Update Report on the Work to Support the Implementa- Disclosures: Detailed Summary of the Rule” (Consumer tion of the G20 High-Level Principles on Financial Financial Protection Bureau, 2013), available at http://files. Consumer Protection, Principles 4, 6 and 9” (OECD, 2013). consumerfinance.gov/f/201311_cfpb_tila-respa_ 57. Section 64 of South Africa’s National Credit Act 34 of 2005, detailed-summary.pdf. which covers credit products. 68. See “On the Approval of Resolution 8/05 on ‘Procedure, 58. This price comparison tool is available on the regulator’s Terms, Forms and the Minimum Requirements for website at http://www.sbs.gob.pe/app/retasas/paginas/ Communication Between Bank and Depositor, Creditor retasasInicio.aspx#. and Consumer’” (Central Bank of the Republic of Armenia, 59. In 2006, the Bank of Italy developed seven different user 2009), available at https://www.cba.am/EN/laregulations/ profiles (such as young user, family with low usage, and Regulation%208_05_eng.pdf. retiree with median usage), with a specified pattern of 69. Standardized statements are available for banking account usage for each user profile. Financial service accounts, deposits, loans, and credit lines at https://www. providers are required to identify in advance the profiles cba.am/EN/laregulations/Regulation%208_05_eng.pdf.0. that an account product is most suitable for and to display 70. 
For example, this protects NBFI credit providers from related comprehensive cost indicators in KFSs to potential arbitrary political interference on interest-rate levels or even customers. abuse by consumers who seek to void loan contracts, alleg- 60. See ITU-T Focus Group Digital Financial Services, ing that the price was too high. However, the courts in Consumer Experience and Protection (ITU, 2017). some EU countries such as Poland and Spain have nullified 61. Directive 2008/48/EC of the European Parliament and of contract termination fees that were considered abusive, the Council on April 23, 2008, on credit agreements for having no real relationship to expenses. consumers. 71. Act Concerning the Regulation of the Law of Standard 62. A useful reference on electronic delivery of disclosure Business Terms. documents and the shift to electronic disclosure as the 72. The Unfair Contract Terms Act (1977), which was substi- default format of disclosure in Australia can be found at tuted by the Unfair Terms in Consumer Contracts “Facilitating Electronic Financial Services Disclosures,” Regulations (1994 and 1999), after adoption of the EU Consultation Paper 224 (Australian Securities and Unfair Terms in Consumer Contracts Directive. Investment Commission, November 2014). 73. See ITU-T Focus Group Digital Financial Services, 63. ITU-T Focus Group Digital Financial Services, Consumer Consumer Experience and Protection (ITU, 2017). Experience and Protection (ITU, 2017). 74. See the Credit Card Act of 2009 and Regulation Z (Truth in 64. See Jeanne M. Hogarth and Ellen A. Merry, “Designing Lending). Disclosures to Inform Consumer Financial Decisionmaking: 75. “Tying of two products (or services) occurs when a seller Lessons from Consumer Testing,” Federal Reserve Bulletin sells one good (tying good) on the condition that the buyer 97, no. 3 (August 2011). 
buys the other good (tied good) from that seller or imposes on the buyer the requirement that s/he will not purchase the other good from another seller. Bundling is a general Deposit and Credit Products and Services   59 term describing selling collections of goods as a package. Banking Authority, “Guidelines on Product Oversight and In pure bundling, the individual goods are not sold Governance Arrangements for Retail Banking Products” separately but only in combination, so it is essentially (EBA, 2016), available online at https://www.eba.europa. equivalent to tying. In mixed bundling, the individual eu/documents/10180/1141044/EBA-GL-2015-18+Guide- goods, as well as the package, are available.” See the lines+on+product+oversight+and+governance.pdf. Palgrave Encyclopedia of Strategic Management, available 87. See “Code of Conduct on the Switching of Current at http://www.stern.nyu.edu/networks/Economides_ Accounts with Credit Institutions” (Central Bank of Ireland, Bundling_and_Tying.pdf. 2010, as updated in 2016), available online at http://www. 76. For these reasons, product tying by one or more financial centralbank.ie/regulation/processes/consumer-protec- institutions in a particular EU member state may constitute tion-code/Pages/codes-of-conduct.aspx. See also EU an exclusionary abuse of dominance under Article 102 of Directive on Basic Accounts. the Treaty establishing the European Community (EC 88. See, for instance, Lebogang Nleya and Genna Robb, Treaty), where such institutions have a dominant position. “Mobile Money Monopolies in Kenya and Zimbabwe: 77. See ITU-T Focus Group Digital Financial Services, Where Should the Balance with Rivals Be?” Mail and Consumer Experience and Protection (ITU, 2017). Guardian Africa, November 20, 2014, http://mgafrica. 78. 
See, for instance, Australia’s ASIC’s guide for financial com/article/2014-11-19-mobile-money-monopolies-in- consumers to avoid high-pressure sales tactics at https:// kenya-and-zimbabwe, and “Competition and Financial www.moneysmart.gov.au/borrowing-and-credit/borrow- Markets: Key Findings” (OECD, 2009), available online at ing-basics/avoiding-sales-pressure, and further sales http://www.oecd.org/daf/competition/43067294.pdf. practices exploiting consumer vulnerabilities that should be 89. Regulation (EU) 2016/679 of the European Parliament and specifically avoided in G20/OECD Task Force on Financial of the Council of 27 April 2016 on the Protection of Natural Consumer Protection, “Update Report on the Work to Persons with Regard to the Processing of Personal Data Support the Implementation of the G20 High-Level and on the Free Movement of Such Data, and Repealing Principles on Financial Consumer Protection, Principles 4, Directive 95/46/EC (General Data Protection Regulation), 6, and 9” (OECD, 2013). to become effective May 25, 2018. 79. “FinCoNet Report on Responsible Lending: Review of 90. See further discussion in ITU-T Focus Group Digital Supervisory Tools for Suitable Consumer Lending Financial Services, Consumer Experience and Protection, Practices” (FinCoNet, July 2014). (ITU, 2017). 80. For instance, see “Credit Licensing: Responsible Lending 91. Note that some countries consider these entities “agents,” Conduct,” Regulatory Guide 209 (ASIC, 2009). while others regard them as another third-party service 81. See “Basel Core Principles for Effective Banking Supervi- provider. In both cases, the role of regulation is important sion and Microfinance Activities” (BCBS, 2010), available to keep the financial institution liable for the actions of online at http://www.bis.org/bcbs/publ/d351.htm. these entities, regardless of the number of intermediaries that exist between the institution and the consumer. 82. 
For instance, in several countries, financial service providers extend credit over mobile phones, the Internet, or in person based on new credit scoring models that use alternative data (for example, social media, bill-payment history, mobile airtime consumption history, e-commerce data, psychometric data). Although such practices may not conform with current requirements regarding minimum information to be gathered to assess suitability for prospective customers, they may still result in good consumer outcomes. This area will likely require ongoing monitoring and analyses by policy makers to determine what appropriate policy responses may be needed.

83. In addition, some countries have stepped up their monitoring of household indebtedness levels. For example, in Peru, financial regulators have engaged with the National Institute of Statistics to improve data on this topic.

84. “FinCoNet Report on Responsible Lending: Review of Supervisory Tools for Suitable Consumer Lending Practices” (FinCoNet, July 2014).

85. As with consumer agreements, some supervisors impose an approval process before each new product is launched in the market. Although this may help supervisors to identify inadequate product features, it may impose an obstacle to market development and financial inclusion while also entailing a significant burden on supervisory resources.

86. The guidelines are based on EU Regulation 1093/2010 and become applicable from January 2017. See European

92. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017).

93. Other examples of problems that can arise from the use of agents are found in Katharine McKee, Michelle Kaffenberger, and Jamie M. Zimmerman, “Doing Digital Finance Right: The Case for Stronger Mitigation of Customer Risks,” Focus Note 103 (CGAP, June 2015).

94. FCA’s Remuneration Codes are available online at www.fca.org.uk/firms/being-regulated/remuneration-codes.

95. See a list of country examples in http://www.financialstabilityboard.org/wp-content/uploads/r_120709.pdf.

96. See “FSB Principles for Sound Compensation Practices” (FSP, 2009) at http://www.financialstabilityboard.org/what-we-do/policy-development/building-resilience-of-financial-institutions/compensation/ and BCSB, “Compensation Principles and Standards Assessment Methodology” (Bank for International Settlements, 2009), at http://www.bis.org/publ/bcbs166.pdf.

97. See A Guide to Regulation and Supervision of Microfinance: Consensus Guidelines (CGAP, 2012), available at http://www.cgap.org/publications/guide-regulation-and-supervision-microfinance; Michael W. Krell and Micol Pistelli, “An Examination of Field Staff Compensation and Incentive Structure at Indian MFIs Intended to Shed Light on Allegations Regarding Loan Payment Collection Practices in India” (Microfinance Information Exchange, 2010); and “Corporate Governance in Financial Institutions and Remuneration Policies,” green paper (European Commission, 2010), available online at http://www.microfinancegateway.org/library/corporate-governance-financial-institutions-and-remuneration-policies.

98. See Katharine McKee, Michelle Kaffenberger, and Jamie M. Zimmerman, “Doing Digital Finance Right,” Focus Note 103 (CGAP, June 2015), available at http://www.cgap.org/publications/doing-digital-finance-right.

99. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017). The ITU also asks for digital financial services providers to have a robust security and fraud-detection management, and mitigation measures and procedures, that should be assessed by the supervisor at the time of licensing and on an ongoing basis.

100. http://www.bis.org/publ/bcbs292.pdf.

101. See Lara Gilman and Michael Joyce, Managing the Risk of Fraud in Mobile Money (Mobile Money for the Unbanked, 2012), available online at www.gsma.com/mobilefordevelopment/wp-content/uploads/2012/10/2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf; Fraud in Mobile Money (MicroSave), available at http://www.gsma.com/mobilefordevelopment/a-closer-look-at-the-risk-of-fraud-in-mobile-financial services; and Mobile Financial Services Working Group, Mobile Financial Services: Consumer Protection in Mobile Financial Services (Alliance for Financial Inclusion, 2014), available at http://asbaweb.org/E-News/enews-37/incfin/06incfin.pdf.

102. The toolkit can be found online at http://www.ifc.org/wps/wcm/connect/industry_ext_content/ifc_external_corporate_site/industries/financial+markets/publications/toolkits/mobilemoney_toolkit1.

103. “Fraud,” chapter 4 in Financial Crime: A Guide for Firms. Part 1: A Firm’s Guide to Preventing Financial Crime (Financial Conduct Authority, 2014), available at http://media.fshandbook.info/Handbook/FC1_Full_20140401.pdf.

104. See Anita Campion, “Improving Internal Control: A Practical Guide for Microfinance Institutions” (Washington, DC: Microfinance Network and GTZ, 2000); Akwasi A. Boateng, Gilbert O. Boateng, and Hannah Acquah, “A Literature Review of Fraud Risk Management in Micro Finance Institutions in Ghana,” Research Journal of Finance and Accounting 5, no. 11 (2014), available at www.iiste.org/Journals/index.php/RJFA/article/view/13527, “Corruption and Financial Crime: An Issue in Microfinance?” (responsAbility, 2008), available at http://www.responsability.com/funding/data/docs/en/1564/Discussion-Paper-Corruption-and-financial-crime.pdf; and Beatriz Marulanda et al., “Failures in Microfinance: Lessons Learned” (Calmeadow, 2010).

105. See http://www.consumer.ftc.gov/articles/0078-advance-fee-loans.

106. https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/fair-debt-collection-practices-act-text.

107. For a global overview of practices related to debt collections, see “Global Practices in Responsible and Ethical Collections,” working paper, (IFC, August 2009).

108. http://www.smartcampaign.org/storage/documents/20110916_SC_Principles_Guidance_Draft_Final.pdf.

109. Financial service providers gather vast amounts of data, including personal information, in order to conduct their daily tasks. This information is sensitive to misuse or breaches, which have the potential to cause harm to consumers. This section refers only to a few select issues regarding data protection and privacy that are of greatest relevance to financial consumer protection.

110. See, for example, (a) Universal Declaration of Human Rights, Article 12 (United Nations, 1948), (b) Convention for the Protection of Human Rights and Fundamental Freedoms, Article 8 (European Court of Human Rights, 1950), available at http://www.coe.fr/eng/legaltxt/5e.htm, (c) Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, ETS No. 108 (Council of Europe, 1981), available at http://www.coe.fr/eng/legaltxt/108e.htm, (d) International Covenant on Civil and Political Rights (United Nations, 1966), available at http://www.hrweb.org/legal/cpr.html, and (e) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), to become effective May 25, 2018.

111. Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, section 7 (OECD, 2013).

112. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Council of Europe, 1981).

113. See, for example, the Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, Principle 10 (OECD, 2013); the UN Guidelines, Article 3; APEC Privacy Framework, Principle III, “Collection Limitation” (Asia-Pacific Economic Cooperation, 2005); and the COE Convention.

114. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Council of Europe, 1981).

115. See “Record Keeping and Client Identification for Financial Entities,” Guideline 6G (Financial Transactions and Reports Analysis Centre of Canada, February 2014), available at www.fintrac-canafe.gc.ca.

116. Additional guidance specific to digital financial services is found in Rafe Mazer and Nitin Garg, “Recourse in Digital Financial Services: Opportunities for Innovation,” CGAP Brief (December 2015).

117. http://newsite.alafianetwork.org/index.php?option=com_content&view=article&id=91&Itemid=435.

118. http://www.amfiu.org.ug/what-amfiu-does/complaint-handling.html.

119. See, for example, http://dictionary.findlaw.com/definition/adversary-process.html.

120. See, for example, http://legal-dictionary.thefreedictionary.com/Inquisitorial+System.

121. The study was mandated by the Dodd-Frank Act. See http://www.consumerfinance.gov/newsroom/cfpb-study-finds-that-arbitration-agreements-limit-relief-for-consumers/.

122. Deposit-taking financial institutions can be banks, credit unions, financial cooperatives (urban or rural), housing or building societies, MFIs, and so forth, which should be subject to sound prudential regulation and supervision on a regular basis.

123. The ITU recommends that in the absence of deposit insurance coverage, other mechanisms should be put in place. It also recommends that authorities engage in public awareness initiatives related to the coverage (or not) of deposit insurance to digital financial services. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017).

124. See Juan Carlos Izaguirre, Timothy Lyman, Claire McGuire, and Dave Grace, “Deposit Insurance and Digital Financial Inclusion,” CGAP Brief (October 2016).

125. See http://www.iadi.org/docs/cprevised2014nov.pdf.

126. See http://www.apec.org/apec/documents_reports/finance_ministers_process/2004.html.

127. See Insolvency and Creditor/Debtor Regimes Task Force, “Report on the Treatment of Insolvency of Natural Persons” (World Bank, 2014), available at http://www-wds.worldbank.org/external/default/WDSContentServer/WDSP/IB/2013/05/02/000333037_20130502131241/Rendered/PDF/771700WP0WB0In00Box377289B00PUBLIC0.pdf, and Susan Block-Lieb, “Best Practices in the Insolvency of Natural Persons: The World Bank Insolvency and Creditor/Debtor Regimes Task Force Meetings, Rapporteur’s Synopsis, January 11, 2011,” available at http://siteresources.worldbank.org/EXTGILD/Resources/WB_TF_2011_Consumer_Insolvency.pdf.

CHAPTER 2: INSURANCE

Effective consumer protection practices play an important role not only in helping individual consumers but also in developing insurance markets and in ensuring their long-term growth and stability. Insurance is a service unlike most others. It is a business where the insurer, in exchange for a regular ongoing payment, promises to indemnify or protect the consumer against the small probability of a large loss. This “business of promises” depends on consumer confidence and trust in the underlying industry to function well. Not only do consumers need to know that insurers have the ability to meet their obligations, but they need to know that they will be treated fairly during the course of their business activities. Otherwise, they will pursue other less effective means of managing personal risks.

Similarly, if the insurance industry is to grow and develop, it needs to be able to rely on the accuracy and good faith of consumers providing information to insurers for underwriting purposes. Where legal and regulatory protections regarding the information provided by consumers to the insurance industry are inadequate, serious fraud problems can develop, affecting the solvency of insurers and the cost of insurance products provided to other consumers.

In both developed and developing countries, there are many instances where good practices have failed to develop, and the consequences have been severe for consumers and market development. As a result of weak regulation, the insurance sector has sometimes been manipulated by desperate, unscrupulous, or misdirected operators using inappropriate market conduct practices, such as recent payment protection insurance issues.¹ In response, such events usually lead to the introduction of specific insurance consumer protection laws and systems intended to remedy the problems, but only after confidence in the sector has eroded and the potential of sector growth has been severely impacted.

Many developed countries with common law legal systems have a large and dynamic inventory of case law that addresses consumer protection issues. Similarly, many countries with older industries and established civil code systems have a lengthy history of regulation. Nevertheless, conduct of business² regulation, which is concerned with fair treatment of consumers, has tended to lag behind prudential regulation until recently. As a result of initiatives like the G20 High-Level Principles on Financial Consumer Protection and a renewed focus by the International Association of Insurance Supervisors (IAIS) on fair treatment of consumers in supervisory standards and by intermediaries in the insurance industry, this is beginning to change. In addition, the strong linkages between prudential regulation and conduct of business regulation are increasingly being recognized globally.

Higher standards are reflected in recent regulatory and supervisory changes in countries like Australia, Singapore, and the United Kingdom. The European Union (EU) has also recently become more engaged in this area since the passage of Directive 2008/52/EC on certain aspects of mediation in civil and commercial matters and an ongoing dialogue on the broader consumer protection agenda. The European Insurance and Occupational Pensions Authority (EIOPA) has also taken a significant step forward in the issuance of Guidelines on Complaint Handling (2012) for insurers and for intermediaries.

In the developing world, several countries, such as South Africa and Colombia, have improved regulatory standards and consumer practices. These countries are enjoying rapidly growing retail insurance markets, due to stronger regulation as well as rising real income levels and the introduction of compulsory motor and health insurance and links with credit provision.

Developing country markets often present additional challenges in the form of financial inclusion and financial capability issues. These challenges can accentuate the fundamental asymmetric information imbalance between insurance service providers and consumers and reinforce the need for strong consumer protection standards. They can also, however, challenge the applicability of regulatory models used in developed countries and require an approach tailored to the special nature, scale, and complexity of the local market.

Microinsurance and inclusive insurance are two different but related manifestations of financial inclusion. The term inclusive insurance is generally used in the context of overcoming barriers that have prevented large populations in many countries from using formal financial services such as insurance. Microinsurance also seeks to overcome exclusions but with a particular focus on low-income households and micro, small, and medium enterprises. The most salient feature of emerging customers is their lower purchasing power, which usually requires thorough reengineering of all aspects of insurance. The two most notable differences with conventional insurance are the principle of outsourcing every task to a party that can achieve it at the lowest possible cost, and simplification. Both differences aim to reduce the cost of insurance, and both can raise potential challenges to consumer protection. Outsourcing is most notable with respect to distribution (insurers using the infrastructure, trust, and brand awareness of other entities), and can lead to complex value chains that distance the insurer from the client. Simplification reduces consumer choice and can preclude in-depth advice, individual underwriting, and thorough claims assessment.

“Mobile insurance” illustrates the differences between conventional and inclusive insurance. Insurance distributed by mobile network operators (MNOs) not only benefits from the geographical omnipresence of MNOs but also allows for a low-cost communication channel with customers and, increasingly, for payment of premiums and claims via bankless payment systems. This new distribution model has allowed for significant reductions in cost and increases in scale and is fueling innovation in insurance. The IAIS proposes that “technology can be required and should be permitted in regulation and supervision to overcome barriers to access.”³ But the innovative partnerships that often characterize mobile insurance can potentially threaten consumer protection, as the case of EcoLife in Zimbabwe shows.⁴ Coordination among various regulators will be necessary, at a minimum, to address such concerns. In addition, due to the complexity of insurance products, insurance supervisors may be required to regulate new parties that in the past have not been involved in insurance distribution networks.

Regulators will need to strike an appropriate balance between the consumer protection needs of unsophisticated customers, on the one hand, and burdensome requirements that may deter insurers from serving this segment, on the other. A strong business case for inclusive insurance/microinsurance has not emerged for any but the most elementary products, so insurers are often hesitant to invest in this market. Insurers may be deterred from engaging in microinsurance if they have to follow the same documentation requirements for a six-month personal accident insurance as for a 20-year unit-linked life insurance. On the other hand, the degree of financial literacy of typical emerging customers is significantly lower than that of conventional insurance clients, suggesting a different approach may be required for communication, disclosure, and dispute resolution. The IAIS suggests that “requirements and rules should be based on the principle of proportionality, considering each jurisdiction’s context and national strategic objectives, with adaptations made to ensure that the needs of inclusive insurance customers can be most appropriately addressed and their interests adequately protected.”⁵ This recommendation should be applied to the good practices proposed throughout this chapter.

Good consumer practices, drawn from the work of international standard setters and best practice experience in leading countries, can, however, provide lessons for all insurance markets and help them avoid a number of common consumer protection problems. Some of these include the sale of inappropriate products by authorized or unauthorized insurers and intermediaries; unfair claims-settlement practices; products that are not suited to clients’ needs; unrealistic benefit illustrations; poor disclosure of the real costs of products; misleading advertisements; and misaligned agency and salesperson sales incentives that result in inappropriate intermediary conduct and advice. The following sections attempt to capture major elements of these good practices for the insurance sector to assist in the conducting of country-level diagnostics.

Table 1 presents a list of key readings related to consumer protection for the insurance sector to support this work.

TABLE 1: Selected Key Readings on Consumer Protection for the Insurance Sector

“Insurance Core Principles” (IAIS, 2011)
“Application Paper on Approaches to Conduct of Business Supervision” (IAIS, 2014)
“Application Paper on Approaches to Supervising the Conduct of Intermediaries” (IAIS, 2016)
“Issues Paper on Conduct of Business in Inclusive Insurance” (IAIS, 2015)
“Application Paper on Regulation and Supervision Supporting Inclusive Insurance Markets” (IAIS, 2012)
“Final Report on Public Consultation on Preparatory Guidelines on Product Oversight and Governance Arrangements by Insurance Undertakings and Insurance Distributors” (EIOPA, April 2016)
Alberto Monti, “The Law of Insurance Contracts in the People’s Republic of China: A Comparative Analysis of Policyholders’ Rights,” Global Jurist Topics 1, no. 3 (2001)
Parliamentary and Health Services Ombudsman, Equitable Life: A Decade of Regulatory Failure, HC 815-I (London: Stationery Office, 2008)
“Insurance Contract Law: A Joint Scoping Paper” (English Law Commission and Scottish Law Commission, 2005), available at https://www.scotlawcom.gov.uk/files/2512/7981/5440/cp_insurance.pdf
Australian Law Reform Commission, Submissions to the Department of Treasury Review of the Insurance Contracts Act 1984 (Cth), 2003 and 2004
A. A. Tarr, “Insurance Law and the Consumer,” Bond Law Review 1, no. 1 (1989)

A: LEGAL AND SUPERVISORY FRAMEWORK

A1: CONSUMER PROTECTION LEGAL FRAMEWORK

a.
There should be a clear legal framework for the protection and fair treatment of retail insurance consumers, whether in a general insurance law, financial consumer protection law, contracts law, or insurance contracts law.

b. The legal framework should include specific provisions for insurance contracts, which should set out the following:
   i. Minimum information exchange and disclosure requirements for the insurance contract
   ii. Basic rights and responsibilities of insurer and policyholders under the contract
   iii. Basic protections against asymmetries of negotiating power or access to information in negotiating the insurance contract

c. In addition to specifying the minimum content of and major exclusions to an insurance contract (ideally differentiated by the type of coverage, e.g. general, life, accident, and sickness), good statutory provisions on insurance contracts should also outline the following:
   i. When the contract comes into force
   ii. How disputes over the wording of contracts will be resolved
   iii. Minimum requirements regarding use of plain language, typeface, and so forth
   iv. The consequences of material and nonmaterial nondisclosure
   v. How a payout against a claim will be made where the sum insured is less than the loss
   vi. Notification requirements when an insurer wishes to cancel or alter a contract
   vii. Treatment of subrogation of claims and renewals for retail and small business coverage as well as how a payout against a claim will be made where such a policy undervalues the sum insured
   viii. What clauses may not be included in the contract—for example, warranty clauses, compulsory arbitration on the insurer’s terms, and so on
   ix. Conditions for renewal

d. The legal framework should include specific provisions enabling or establishing requirements concerning who may conduct insurance business and how insurance business should be conducted by industry participants to ensure that customers are protected and treated fairly.

e. The legal framework should include a clear definition of insurance business.

f. Insurers should be licensed to participate in insurance markets, and entities that undertake insurance business without a relevant license should be subject to both criminal and civil sanctions.

g. The licensing process should, at a minimum, require the following:
   i. The applicant’s beneficial owners, board members, senior management, and people in control functions demonstrate integrity and competence.
   ii. Appropriate governance and internal control systems are in place, including specific controls to mitigate conduct of business risk.
   iii. The insurer has adequate capital and financial resources to engage in insurance business.
   iv. The insurer has sound business and financial plans.

h. Insurance intermediaries, such as insurance agents and brokers, should be licensed. At a minimum, there should be requirements that individuals conducting intermediary activity
   i. Be suitable and competent to engage in those activities—that is, they are of good character and have experience and appropriate training to engage in insurance business;
   ii. Engage in ongoing professional training; and
   iii. Are subject to ongoing supervision and discipline if they fail to conduct insurance business consistent with regulatory requirements.

i. The legal framework should include provisions establishing or enabling (for example, through subordinate regulation) specific requirements for the fair treatment of consumers throughout the insurance product lifecycle, from the marketing of insurance products through to the extinguishment of contractual obligations. (See A3, below.)

j.
The legal framework should include provisions establishing an effective supervisory authority (or authorities) and enabling the use of a range of supervisory tools to evaluate the conduct of business by insurers and intermediaries and enforce compliance with legislation and supervisory requirements by industry participants.

Explanatory Notes

Insurance contract provisions

Special insurance contract provisions are required because of the complex nature of insurance contracts and the asymmetric relationship that exists between industry participants and consumers. Insurance markets are inherently biased in favor of industry participants rather than consumers because insurers and intermediaries usually have greater product knowledge and experience than consumers. Moreover, most consumers do not enter into contracts frequently, and consumers generally pay premiums for insurance services long before the insurer is required to honor potential claims obligations under the contract. Most noncommercial insurance contracts are also offered on a take-it-or-leave-it basis, without affording consumers any realistic opportunity to bargain.

Given that the very nature of most retail insurance contracts is to compensate for unusual or catastrophic loss, the failure to obtain proper coverage, or to appreciate its limitations, can be disastrous. Insurance contract law can establish considerable protection for consumers by establishing clear expectations, minimum levels of protection and standard terms, coverages procedures, and conditions. Such provisions can be established in the general insurance law, in a contracts law, or in a separate insurance contracts law. The final arbitrator of disputes regarding contractual provisions should be the court system if disputes cannot be resolved in some other way, such as through an insurer complaints handling system, mediation, or a financial consumer ombudsman.

Insurers should generally not be able to deny renewal unless there has been a material change in a risk or the authority has so directed or approved. In addition, there should be a period (typically 30 days) after the renewal date when a policy can be renewed under the terms offered in the material sent well before the renewal date.

Provisions to establish or enable regulation of conduct of business

Insurance is a business of trust, and it is important that legislation establish requirements to ensure that inappropriate individuals and entities that may abuse that trust are prevented from entering the market. This requires that legislative provisions define insurance business and who may engage in it, establish a strong prohibition against unauthorized insurance business, and establish or enable (through subsidiary legislation) a licensing system (including appropriate exemptions) to control who may engage in it. Insurance activities should be allowed to be conducted only by authorized insurers and intermediaries.

In addition, the insurance legislation must establish or enable (through subordinate regulation) requirements regulating how authorized individuals carry out their activities. These are necessary to ensure that consumers are treated fairly throughout the product lifecycle. (See A3, below.)

Provisions to establish an effective authority and supervisory system

The legal framework should ensure that oversight of insurance markets is effective and that regulatory action is taken to address potential harm. In countries where large groups of the population are not served by formal supervised insurance but use informal risk-transfer arrangements—for example, prepaid funeral plans, credit life insurance “underwritten” by microfinance institutions, or mutual self-help associations—efforts are justified to bring these schemes into formality and under insurance supervision for consumer rights to be protected effectively. However, proportionality should be applied, such as with respect to appropriate capital and solvency requirements, reporting and auditing requirements, and the need for investment policies and qualified actuaries.

A2: INSTITUTIONAL ARRANGEMENTS AND MANDATES

a. Legal provisions should clearly define an authority responsible for conduct of business supervision (the “authority”), provide a clear supervisory mandate and clear objectives for conduct of business supervision, and establish the independence, accountability, and transparency of the authority (or authorities).

b. The authority in charge of supervising conduct of business should be adequately resourced.

c. Appropriate legal protection should be established to protect the authority and supervisory staff from personal litigation in the good-faith exercise of their supervisory duties.

d. Where more than one authority is responsible for supervision, their responsibilities should be clearly demarcated to ensure there is no unnecessary duplication and overlap, and provisions should enable them to share information necessary for the exercise of their individual responsibilities.

e. The provisions establishing an effective supervisory system should include strong investigative powers, including the power to obtain any relevant information from industry participants with respect to matters within its mandate.

f. The provisions establishing an effective supervisory system should include the power to undertake timely preventative and corrective action against both unlicensed activity and industry participants, and the power to undertake enforcement action in a timely manner with a range of enforcement tools that can be tailored to the seriousness of the contravention.

g.
The legal framework should clearly define the role of the authority relative to other authorities and should provide for coordination mechanisms (such as memorandums of understanding between various authorities).

h. Authorities should work with industry associations, consumer groups, and the media to ensure that they play an active role in promoting financial consumer protection.

Explanatory Notes

Provisions to establish an effective authority are necessary to ensure that there is effective oversight of the insurance markets and that regulatory action is taken to address potential harm. Regardless of whether the supervisory system includes a single independent insurance regulator, a financial services regulator dealing with multiple financial sectors, or a “twin peaks” model, the authority responsible for conduct of business in insurance must have a clear supervisory mandate and objectives, operational independence, accountability and transparency, and appropriate legal protection to carry out its mandate. Legislation should establish or enable (through subordinate regulation) a proactive and risk-based supervisory system to help ensure effective oversight of the insurance market and the fair treatment of consumers.

Where more than one authority is responsible for conduct of business, their mandates should be clearly established and complementary, rather than overlapping and conflicting. Ideally, these mandates should be clearly defined in legislation. If they are not, a memorandum of understanding between regulators can be used to avoid conflict. Legislation should also clearly define the role of the authority relative to other authorities and any ombudsmen that may exist, and that of the court system—for example, in regard to contractual disputes and the appeal of supervisory decisions. In addition, provisions for the sharing of information between authorities need to be established where there is a legitimate supervisory or administrative purpose, and where protection of confidential information can be maintained.

Beyond avoiding overlapping and conflicting mandates, it is also important that there is coordination between the authority responsible for conduct of business of the insurance sector and other authorities, such as the competition authority or the payments authority. Competition is closely related to consumer protection and to financial inclusion, so it is important that authorities coordinate to monitor competition issues in the retail insurance market.

Given the convergence of telecommunication and information technologies and the financial sector, particularly in the supply of innovative retail insurance and microinsurance products using new channels or providers, there may also be a need to coordinate with regulators outside of the financial sector, such as the telecommunications regulator. As more insurance products in developing markets are being sold via mobile phone (as in Ghana and Haiti), need is increasing for coordination between relevant authorities (financial and nonfinancial sector regulators) to ensure adequate oversight and avoid potential conflicts between the insurance provider and MNOs that could lead to potential detrimental consequences for consumers, as in the case of EcoLife in Zimbabwe.

A3: REGULATORY FRAMEWORK

a. There should be a comprehensive regulatory framework to support the fair treatment of consumers by insurers and intermediaries. These requirements should be focused on supporting fair treatment of consumers throughout the insurance product life cycle.

b. At a minimum, these requirements should require that insurers and intermediaries
   i. Act with due skill, care, and diligence when dealing with customers;
   ii. Embed fair treatment of customers into their business culture in dealing with consumers;
   iii. Take into account the needs and interests of different types of customers when developing and marketing insurance products;
   iv. Promote products and services in a manner that is clear, fair, and not misleading;
   v. Set requirements for insurers and intermediaries with regard to the timing, delivery, and content of information provided to customers at point of sale;
   vi. Ensure that, where customers receive advice before concluding an insurance contract, such advice is appropriate, taking into account the customer’s disclosed circumstances;
   vii. Ensure that potential conflicts of interest are properly managed;
   viii. Service policies properly through to the point at which all obligations under the policy have been satisfied;
   ix. Disclose to the policyholder information on any contractual changes during the life of the contract; and
   x. Have policies and processes in place to handle claims and complaints in a timely and fair manner.

c. Regulatory requirements can be established in regulations or in rules issued by the relevant authority or authorities but must be legally enforceable.

d. Regulatory requirements should be tailored to the nature, scale, and complexity of the insurance market and the conduct of business risks facing retail consumers in those markets, including proportionate adaptation of requirements to avoid potential barriers to access.

e. Regulatory requirements may include prescriptive rules for the conduct of insurers or intermediaries; more indirect, principles-based approaches that use oversight of the insurer or intermediary’s governance and internal control structure to achieve the above-noted standards; or a combination of these two approaches.

f. Regulatory requirements should be developed in consultation with the industry association and other internal and external stakeholder groups (including consumer representatives) to help ensure that they are effective. The regulatory framework should also be regularly reviewed with stakeholders to ensure that it remains relevant to conduct of business risks in the insurance market.

g. To the extent possible, regulation should benefit from research regarding the regulatory practices of other countries, as well as from consumer research and behavioral economics.

Explanatory Notes

Most jurisdictions use a combination of rules-based and principles-based approaches to try and achieve the fair treatment outcome. Balancing rules-based and principles-based supervisory approaches can be difficult and depends to a large degree on the jurisdiction’s legal system (such as civil code or common law), cultural factors, and history, as well as the need to protect its most vulnerable consumers.

Prescriptive rules-based approaches support regulatory certainty and predictability but can also result in authorities being more concerned with whether industry participants are meeting (sometimes outdated) requirements than whether consumers are being protected from harm. They can also stifle product innovation and financial inclusion.

Principles-based approaches allow greater flexibility for authorities to tailor their supervisory approach to a range of business models and to adapt to the changing nature of conduct of business risks. They can also offer greater flexibility to insurers to design products and business processes. On the other hand, principles-based provisions may raise concerns that the authority’s expectations and actions are unclear, arbitrary, or even capricious. As a result, they can also be legally more difficult to enforce, particularly in countries with civil code legal systems.

Regardless of the approach, insurers and intermediaries in all markets need to meet certain international regulatory standards for fair treatment. These are described in Principle 19 of the IAIS Insurance Core Principles.⁶

Some of the specific regulatory tools that can be used to achieve fair treatment standards by industry participants include:

• Codes of conduct (COCs), either voluntary or established in law, that help provide a higher-level board-endorsed commitment to fair treatment of consumers (principles-based)

• Legal requirements (and supervisory guidance) for board-approved policies and board reporting on measures to mitigate conduct of business risks (for example, EIOPA guidelines on complaints handling policy requirements), to hold the board accountable for conduct of business risks (principles-based)

• Regulations requiring fairness, clarity, and quality in product promotions and against deceptive or misleading advertising (rules-based or principles-based)

• Product review or approval requirements by the authority (including beyond actuarial and product design aspects), particularly for compulsory products and retail products in markets with low financial literacy (rules-based)

• Regulations or rules respecting the information provided at point of sale (for example, key information requirements)

• Regulations or rules (placed either on insurers or through intermediary licensing processes) requiring the following:
   – The people selling products are suitable, competent and properly trained about the major features of the product and its target market (rules-based).
   – They collect information about the client and assess the appropriateness of the product for the client’s needs before recommending the product.
  – They provide an explanation of the major features of the products, including exclusions, preconditions, and deductibles (rules-based or principles-based).
  – They document the advice they provide, including the client’s understanding of key terms and conditions.
  – They appropriately handle and remit client funds.

Regulatory requirements can also be proportionately adapted for (well-defined) microinsurance and other forms of (well-defined) inclusive insurance so as not to present undue supply-side barriers. Proportionately lower requirements include, for example, intermediary licensing and qualifications, (funeral) benefits in kind, flexible premium payments, streamlined (digital) enrollment procedures to allow for the digital delivery of insurance products and services, or supportive rules for pilot testing. Appropriately higher requirements may also be required to address particular vulnerabilities of consumers at higher risk, such as those from emerging markets—for example, with respect to policy conditions and exclusions, expeditious claims settlement, and consumer information and protection mechanisms specific to previously excluded populations.

Industry associations, consumer groups, and the media can play an important role in the development and maintenance of the regulatory framework and should be consulted regularly on regulatory issues. In the case of industry associations, they can provide information to help make the regulatory requirements more effective and less costly. They can help in the development of best practices and guidelines for their members, and they can act as a focal point for clarification of industry positions on regulatory issues. Consumer groups and the media can also alert regulators to weaknesses in regulatory requirements and the emergence of new conduct of business issues that may not be addressed in the regulatory framework.

A4: SUPERVISORY ACTIVITIES

a. The authority should undertake a risk-based and proactive approach to supervision of conduct of business risks in the insurance market to help ensure fair treatment of consumers.
b. On an ongoing basis, through regulatory returns and third-party information sources, the authority should collect and monitor basic data on insurance operations, products, and services in the insurance market, including standardized complaint information and statistics on premiums, claims, and costs (for example, claims ratios).
c. A supervisory plan for conduct of business supervision should be developed annually within a documented framework that sets out clear priorities, reporting, and accountability criteria.
d. Supervisory procedures should be documented.
e. The authority should use a variety of tools to ensure robust conduct of business supervision. Depending on the nature, scale, and complexity of the market, these may include
   i. Market analysis;
   ii. Policy review;
   iii. Off-site supervision;
   iv. On-site supervision;
   v. Thematic review; and
   vi. Complaint handling.
f. The authority should evaluate its supervisory approach, tools, and techniques, as well as supporting information systems, on a regular basis, to enable its staff to assess institution-specific and market-wide risks effectively.
g. Supervisory staff should meet high professional standards and have sufficient insurance knowledge and appropriate backgrounds and training to carry out conduct of business supervision—for example, insurance knowledge, legal training, or audit training.
h. The authority should report to the public regularly on insurance markets and about its own role and the performance of its duties. (See A6.) It should also share relevant information with other supervisory authorities where there is a legitimate regulatory need and where confidentiality can be maintained.

Explanatory Notes

In the past, supervisory frameworks for conduct of business often consisted of investigation of contraventions of a few rules-based regulatory requirements and investigation of complaints made to the authority. International standards require that modern conduct of business supervisory frameworks be more risk-based, proactive, and flexible. They should utilize a mix of supervisory tools that are appropriate to the nature, scale, and complexity of the insurance market. They need to be effective and mindful of the burden they place on the regulated industry.

Good practice in leading jurisdictions requires that this be accomplished by designing an annual supervisory plan within a documented framework that sets out clear priorities, reporting, and accountability criteria, and includes a mix of supervisory tools to achieve the plan priorities. It also requires that the authority report regularly to the public on the conduct of its activities.

Frameworks that meet international best practices often include the following tools described below.

Market analysis

A starting point for the development of an effective and risk-based supervisory plan is a systematic analysis of conduct of business risk in the market. General economic conditions; the size, structure, and product mix of the insurance sector; distribution models (including electronic channels and digitally enabled distribution); and the rate of growth, among other factors, can all affect the nature, scale, and complexity of conduct of business risks.

Market analysis should be used to help set supervisory priorities and direct the use of other supervisory tools. Market analysis attempts to identify underlying trends within the insurance sector and provides direction to the supervisory plan. Depending on the market, it can employ sophisticated methodologies such as risk categorization tools, risk scorecard approaches, rotation models, and sampling methodologies, as in the United Kingdom, or simple approaches, as in Colombia.

Where prudential supervision is carried out by another supervisory authority, it may also involve an exchange of information and discussions between authorities, as prudential issues often have symptoms in market conduct problems, and market conduct issues sometimes have symptoms in prudential problems.

Market analysis should occur regularly (for example, twice per year) because markets change. It should be consistent in its approach and utilize a variety of information from a variety of sources, including data on the general economy, market participants, business mix, and forecast issues and trends, as well as information from consumer agencies, ombudsmen, the media, and other external sources. A key component of this work is a detailed analysis of consumer complaints against insurers and intermediaries and their resolution for the preceding time period. This should include not only those complaints received by the insurance authority, but also those received by the insurers and industry ombudsmen as well.

Implementation of a systematic market analysis program often requires that authorities develop and implement new reporting requirements on insurers regarding the handling of complaints that the insurers receive. Issues in this area include the definition of complaint, complaint categories (such as line of business and type of complaint), and categorizing how the complaint was resolved. To facilitate reporting and analysis by the authority, information received should be in electronic form, and the development of an appropriate database is often required.

In countries where large parts of the population use informal risk-transfer schemes instead of supervised insurance, the authority’s market intelligence may consider also including such schemes to the extent possible. Even though they are not currently subject to insurance supervision (or reporting), the insurance supervisory authority is often best positioned to warn consumers regarding unfair practices and unreliable promises. Also, knowledge of the informal risk-transfer markets will help regulators to bring these schemes into some form of supervised formality for proper consumer protection.

Policy review/product approvals

Product review and/or approval processes include the review of such specific documents as policies, applications, and advertising materials with respect to legal compliance and conduct of business risks (for example, misrepresentation or fit with consumer needs). The regulatory requirements for such reviews are typically established in legislation. Internationally, three approaches are commonly used: (1) preapproval processes, (2) file-and-use processes, and (3) selective product review processes. The intention of such requirements is to ensure that inappropriate products—that is, those that present high levels of conduct risks—either are not introduced to the market or, if introduced, are removed as quickly as possible.

Higher levels of conduct risk are likely to be found in products that have been designed with high margins and low expected claims payouts, and in products bundled with other services whose premium is so low that it can pass unnoticed, especially if marketed to emerging market customers (for example, some mobile/digital microinsurance products). As a general rule, it can help to look at how the conflicts of interest inherent to insurance are addressed in product and process design—that is, the conflicts between the interests of insurance shareholders, insurance intermediaries, insurance-related service providers (such as health care providers or fund managers), and insurance customers.
For example, long-term life insurance policies with substantial savings components positively affect the insurer’s income statement and provide considerable, and mostly up-front, commissions to intermediaries, usually leading to high penalties to customers if they regret the decision and rescind from the policy in the years following the purchase.

From a supervisory perspective, product review processes can proactively avoid market conduct problems. They can be particularly important for ensuring that retail products are packaged in plain language. However, the following issues can arise in establishing such reviews:

• The type of process, its objectives, and the criteria for the review must be clear, both to the supervisory staff conducting the review and to the industry participants. A common problem with such processes is that unless objectives and criteria are clearly articulated, the conduct of the review can become subjective and inconsistent over time. Attention should also be paid to ensuring that the reviews do not become so compliance-oriented that they stifle product innovation.
• A product review may be interpreted by the industry for purposes that are much broader than what was originally intended. For example, approval of the policy may be viewed as absolution from any problems that develop after introduction, including decisions of the courts with respect to policy interpretation.
• Supervisory staff conducting the review must have sufficient knowledge and experience to carry out the work. Usually, this work requires a mix of industry knowledge, law, and consumer protection experience. For innovative products aimed at previously excluded populations, particular understanding of microinsurance, poor households’ risks, coping mechanisms, and income streams, among others, may need to be developed while these markets grow.

Several authorities in the United States use extensive product review processes. Many other countries rely on file-and-use systems or preapproval processes (for example, for compulsory insurance products). For product review or preapproval processes, it can be helpful to ensure that authorities have statutory protection, as noted in A2, to address any concerns with potential liability.

Another approach used in some countries is to specify standard wording for the largest voluntary consumer classes of insurance, such as comprehensive motor insurance, motor casualty and collision insurance, and mortgage protection insurance, and then require that insurers provide a prominent derogation statement if they deviate from the standard.

Entity-specific supervision

Entity-specific supervision involves regular review of the supervised entities’ culture, as well as their conduct of business policies, procedures, and practices in a manner similar to prudential supervision. The latter might include systematic assessment of compliance with insurer and intermediary COCs; conduct of business rules; strategic plans, policies, and procedures; and internal controls with respect to conduct risks. The authority should also assess the role and practices of the most relevant third parties involved in service design and delivery, or consumer interactions, such as agents and sales consultants. This can be carried out through a combination of on-site and off-site activities and has three general goals:

• To assess whether insurers have the required policies and procedures
• To ascertain whether they are being complied with and are engrained in the culture of the organization
• To determine whether such policies and procedures are effective and sufficient

Like prudential supervision, the approach taken to this work should be risk-based and proactively focused. It can be conducted as part of other on-site and off-site activities (for example, prudential activities) or separately, depending on the nature of the market and the structure of the jurisdiction’s regulatory system.

Thematic reviews and investigations

Thematic reviews and investigations are special examinations intended to address emerging or particularly complicated market conduct risks. They can involve on-site or off-site supervisory activity and target specific types of insurers, insurance business, or business functions. Examples might include the examination of the sale of certain types of insurance products, such as credit insurance or travel-insurance products; particular distribution models, such as insurance sold through banks; or particular activities—for example, a review of loss-adjusting activity related to motor insurance. Well-chosen thematic reviews can strengthen supervisory knowledge and make market conduct supervision more proactive.

A new supervisory practice used in some jurisdictions to gather information on insurers and the market is called mystery shopping. This practice involves supervisory staff or their appointed representatives, such as contracted market research firms, acting as retail consumers to assess various point-of-sale practices of insurers. By recording what an insurer says in discussions with a mystery shopper, an authority can establish or confirm an insurer’s normal practices in a way that might not be possible by any other means.

Consumer complaints

While many consumer complaints are dealt with by insurers or by dispute resolution systems, consumer complaints to the regulator are part of the regular day-to-day business that an authority must deal with. Complaints are a litmus test for broader conduct of business and solvency problems. Complaint investigations and the individual issue reviews that they generate can identify broader problems and trends with insurer risk-mitigation activities or changes to conduct risk. They are also a measure of the overall effectiveness of a conduct of business framework.

Complaints are also part of any normally functioning insurance market. A conduct of business framework under which there are many unresolved complaints or complaints that take a long time to resolve can be a symptom of ineffectiveness. Conversely, a conduct of business framework under which there are no complaints may be a sign of an overly burdensome framework or one that simply fails to identify and mitigate conduct of business risks.

It is important that the authority’s complaints and enquiry functions have a clear mandate and clear procedures. Many authorities, for example, will address a complaint only if the complainant has exhausted the insurer’s complaints handling process or if there is a specific allegation of a regulatory breach. It is also important that complaints handling be well documented and that consumers are informed and made aware of these procedures.

With regard to mandate, it is important that the role of the authority not be confused with other venues, such as the court system. Many supervisory systems address this issue by giving the insurance authority a mandate to address systemic and regulatory problems, while alternative dispute resolution (ADR) systems, such as a financial services ombudsman or, as a last recourse, the courts, deal with individual contractual complaints that cannot be resolved by insurers. For this approach to work, however, ADR systems and court systems must be credible vehicles for resolution of complaint issues.

A5: ENFORCEMENT

a. The authority’s enforcement powers and tools, and the actions taken against insurance providers by the financial consumer protection authority, should create a credible threat of enforcement in case of lack of compliance with the legal and regulatory framework, in order to punish and deter wrongdoing.
b. The authority should also have the power to take enforcement action against unlicensed insurance activity as well as against licensed industry participants who contravene regulatory requirements for fair treatment of consumers.
c. Supervisory powers should include the ability to take timely preemptive action to protect the interests of insureds prior to the occurrence of violations.
d. The authority should have a range of enforcement tools to address contraventions, including but not limited to
   i. The power to issue binding directions;
   ii. The power to suspend, restrict, or attach conditions to business activities;
   iii. The power to suspend, restrict, or attach conditions or revoke licenses;
   iv. The power to remove individuals or bar them from acting in particular capacities—for example, senior officers, directors, or people heading control functions;
   v. The ability to apply administrative penalties for minor contraventions; and
   vi. The ability to seek fines and other offence penalties commensurate with seriousness of the contravention.
e. The authority should have the ability and the authority to escalate enforcement action and should do so in order to prevent the continuance or reoccurrence of regulatory contraventions.
f. The authority should have the ability to identify and refer potential criminal activity to appropriate authorities for investigation in a timely manner.

Explanatory Notes

Effective supervision and regulation of conduct of business in insurance depend on the ability of the authority to take enforcement action when necessary. This includes the ability to take action against authorized as well as unauthorized industry participants.

To be effective, the authority should have a range of preemptive and enforcement powers and be able to increase the level of intervention depending on the nature, scope, and seriousness of regulatory contraventions. Preemptive actions may consist of informal regulatory communications leveraging upon moral suasion. As criminal breaches are often discovered through supervisory investigations, the ability to refer criminal investigations to appropriate authorities is also important.

A6: CODES OF CONDUCT AND OTHER SELF-REGULATION

a. The legal and regulatory framework should allow for the emergence of self-regulatory organizations, including industry associations.
b. Industry participants should have a COC, either established by law or on a voluntary basis, illustrating their commitment to the fair treatment of consumers.
c. COCs and other self-regulation must be written in plain language and without industry jargon, to ensure that insurance consumers and industry participants can understand them easily.
d. COCs and other self-regulation should be publicized and disseminated, so that they are known to consumers.
e. To the extent possible, the authority should take actions to encourage or check compliance by industry participants with self-regulation and should use self-regulation when evaluating an insurer’s or intermediary’s conduct.

Explanatory Notes

Many jurisdictions are establishing industry COCs as part of the regulatory system. Industry COCs are important because they provide an overarching benchmark for evaluating insurer or intermediary conduct and the effectiveness of insurer internal controls under the supervisory framework. COCs should be considered an addition to, rather than a substitute for, a sound regulatory system.

The codes can be established in law or on a voluntary basis by industry participants. When the COC is endorsed by an insurer’s board, it can help to establish a culture of fair treatment within the insurer organization.

Sometimes COCs are prescriptive, such as the Monetary Authority of Singapore’s Guidelines on Standards of Conduct for Financial Advisers and Representatives.7 Other times, they establish very high-level principles, such as the Canadian Life and Health Insurance Association’s Code of Ethics.8 Regardless of the approach, they must be written in plain language and without industry jargon, to ensure that insurance consumers and industry participants can understand them easily, and they should be publicized and disseminated, so that they are known to consumers.

Principles-based COCs are sometimes criticized as being legally unenforceable. This perspective neglects to recognize that the true value of such codes is to confirm the insurer or the intermediary’s commitment to fair treatment of consumers. Once a code is in place, it provides the authority with a benchmark by which it can assess the entity’s internal controls, policies, and procedures with regard to conduct of business risks.

One method of strengthening the likelihood of enforcement of voluntary COCs is to require by law that all insurers and intermediaries be members of the relevant industry association, and then make membership in the association contingent on abiding by the voluntary COC. The association should be able to enforce compliance with the code, and there should be consequences for violations.
TABLE 2: Selected Codes of Conduct for the Insurance Sector

| COUNTRY | INSTITUTION | CODE OF CONDUCT |
|---|---|---|
| Australia | National Insurance Brokers’ Association | General Insurance Brokers’ Code of Practice |
| | Insurance Council of Australia | General Insurance Code of Practice |
| | Financial Planning Association | Financial Planners’ Code of Ethics and Rules of Professional Conduct |
| India | Life Insurance Council of India | Code of Best Practice for Indian Life Insurers |
| Malaysia | Life Insurance Association of Malaysia | Code of Ethics and Conduct (approved by Bank Negara) |
| Russia | Russian Association of Motor Insurers | Various codes, including developing a register of insurance agents and insurance brokers against whom complaints have been made; rules of professional conduct entitled “Improving the Level of Service in the MTPL Market”; rules covering the review of claims made by victims and the payment of compensation |
| South Africa | Life Offices’ Association of South Africa | Code of Conduct (24 chapters covering a range of products and activities) |
| United Kingdom | Association of British Insurers | Various codes and guidance notes, including Statement of Best Practice for Long-term Care Insurance, Code of Practice for Endowment Policy Reviews, Statement of Best Practice for Critical Illness Insurance, Best Practice Guide on With-Profit Bonds. |
| Singapore | Monetary Authority of Singapore | Guidelines on Standards of Conduct for Insurance Brokers |

Source: World Bank Research and Financial Sector Assessment Program

A7: DISSEMINATION OF INFORMATION BY AUTHORITIES

a. The authority should make readily available to the general public, at no cost, minimum relevant information on the insurance sector and about its own role and how it performs its duties to help achieve its statutory goals and increase its transparency. Generally, this information should include
   i. A clear description of its regulatory and supervisory mandate and remit, and the role of other authorities, if applicable;
   ii. A report, at least annually and in a timely manner, on its supervisory program, describing its performance in pursuing its supervisory objectives;
   iii. Information and analysis about the insurance market and the conduct of business in the insurance sector, such as aggregated information about insurer complaints;
   iv. Information about problem or failed insurers, including information on supervisory actions taken, subject to confidentiality considerations and in so far as it does not jeopardize confidentiality requirements and other supervisory objectives;
   v. Its audited annual financial statements;
   vi. A list (or access to a database) of all licensed insurance providers and intermediaries and their regulatory status; and
   vii. Laws and a compilation of all regulations on financial consumer protection relevant to the insurance sector.
b. To the extent possible, the authority should coordinate with a variety of stakeholders—such as industry and consumer associations, the media, and other government agencies—to increase the reach of the information it disseminates.

Explanatory Notes

The two main objectives of the authority in disseminating information to the public are

• To help ensure its own accountability; and
• To make consumers aware of conduct of business risks and the means of addressing them.

With regard to ensuring accountability, dissemination of information by authorities should be linked to the fundamental mandate of the authority and to the risks that insurance supervision is intended to reduce. Information should be outcome-oriented, rather than output-oriented, and focused on the performance of the supervisory system.

Supervisory information can also make consumers more aware of emerging or ongoing conduct of business risks and can include information on common marketplace scams, illegal activities, and specific enforcement actions taken to address real and potential harm.

In the United States, for example, several jurisdictions (at the state level) are disclosing greater information on consumer complaints, including the publication of a consumer complaint ratio for each insurer in each business class, such as in Colorado, Michigan, North Carolina, Texas, and Virginia. This ratio is a statistic that shows the number of closed complaints for every US$1 million of premium the company sold in the jurisdiction during that calendar year. Aggregated complaints data can be disclosed in order to avoid confidentiality concerns.

Furthermore, many jurisdictions now routinely publish on the authority’s website or in annual reports information on enforcement actions taken against industry participants for major breaches of regulatory provisions.

B: DISCLOSURE AND TRANSPARENCY

B1: FORMAT AND MANNER OF DISCLOSURE

a. To ensure that information is properly understood, insurers and intermediaries should use plain language in all documents (including those in electronic formats) and oral communications with retail insurance clients.
b. Plain language requirements should apply to the following, across all manners of communication:
   i. Advertising and sales materials
   ii. All point-of-sale documents
   iii. Applications and policy documents
   iv. Ongoing reports and correspondence
   v. Oral communications with policyholders
c. There should be minimum requirements regarding typefaces for written materials and readability (for example, Flesch-Kincaid9 readability tests and minimum font size), including for materials in electronic format.
d. Illustrations must not mislead consumers as to the features of the product and should facilitate product comparison.
e. Information on key product features and other key communications should be provided in written form (including electronic format) that can be kept or saved by the consumer and in an appropriate medium that lasts for a reasonable amount of time.
f. Where feasible, key features should also be communicated to the consumer orally during the precontractual stage and at the point of sale.
g. Wherever possible, communications should be in the client’s preferred language.

Explanatory Notes

The format and manner of disclosure are as important as requirements on what to disclose, as disclosure may be rendered completely ineffective by factors such as a small font, convoluted language, excessively fast visual and oral communication, or excessive information.

Improving the readability of products through plain language requirements can help build consumer trust in insurance markets. Plain language communication is particularly important in underserviced markets and markets characterized by low levels of financial literacy. Ideally, when developing materials, insurers should provide for independent review, such as through focus group testing, to ensure that materials meet consumer needs. Compliance with plain language requirements should be assessed through policy review processes or in off-site or on-site review of the insurer’s or intermediary’s operations.

Consumers may be put in a weak position when key disclosures are made in a format that cannot be saved or is not durable enough to be used later, whether electronic or paper-based. Disclosures and communications should give prominence to key features and risks of products and services, to induce the consumer to pay extra attention to such features and, if needed, seek further clarification with the insurer’s or intermediary’s staff or agents. With regard to visual and spoken disclosure, flexibility is required. When there is no adaptation to specific channels, disclosure becomes excessive and meaningless. For example, visual or oral prerecorded communications should be required to provide information at a reasonable speed or for a reasonable period of time, to allow a consumer to listen to or read it.

Given that insurance products and services are increasingly being sold through electronic channels, the regulatory requirements on format, including for sales and marketing materials, should also be flexible enough to be adapted to different delivery channels. Disclosure requirements should be adapted for electronic channels while not forming barriers for ethical and healthy innovation in service delivery and information disclosure. For instance, SMS (short message service) messages are often used as receipts for payment of premiums when insurance is sold bundled with airtime. Although they are usually more difficult to read and understand than a paper-based receipt, this fact provides insufficient reason to consider them invalid. Complementary regulatory requirements could also be considered regarding recordkeeping for digital transactions, to ensure that records are available for supervisors and can also be provided upon request to customers and used to support disputes.

B2: ADVERTISING AND SALES MATERIALS

a. In addition to the general requirements described in B1, insurers and intermediaries should be required to ensure that their advertising and sales materials and procedures do not mislead customers or omit key information (such as the identity of the insurer).
b. Insurers should be legally responsible for all statements made in marketing and sales materials that they produce related to their products.
c. Advertising materials by insurers and intermediaries should disclose that they are regulated, and the name of the regulatory authority.
d. Insurers should be responsible for providing information that is accurate, clear, and not misleading to intermediaries who may rely on this information in providing advice to customers.

Explanatory Notes

International standards require that insurers and intermediaries promote products and services in a manner that is clear, fair, and not misleading. Before an insurer or intermediary promotes an insurance product, it should take reasonable steps to ensure that the information provided is accurate and clear and will not mislead consumers. This includes not only information related to the features of the product but also the identity of the insurance provider or providers.

If an insurer or intermediary subsequently becomes aware that the information provided is not accurate and clear or is misleading, it should withdraw the information from the market and notify any person known to be relying on the information as soon as reasonably practicable.

The information provided, at a minimum, should

• Be easily understandable;
• Include results for the product that are consistent with the results that can be reasonably expected to be achieved by the majority of customers of that product;
• State prominently the basis for any claimed benefits and any significant limitations; and
• Not hide, diminish, or obscure important statements or warnings.

ance products than non-life products. In general, the level of detail required by a jurisdiction depends on the nature, scale, and complexity of the market, with markets characterized by simple products requiring less onerous regulatory provisions.
Most jurisdictions currently have regulatory provisions that The treatment of insurance sales material and con- allow the authority to prohibit the use of product adver- tracts is most developed in common law countries, tisements for insurance that are obviously unfair, mislead- where case law has supported the introduction of such ing, or deceptive. Recently, often in response to improved concepts as plain meaning interpretations (consensus ad standards, leading jurisdictions have extended require- idem), violation of good faith and fair dealing (mala ges- ments into the fairness, clarity, and quality of product pro- tio), and bans on warranty clauses that could otherwise motions. The increasing complexity of products has enable insurers to avoid claims. Common law countries sometimes made this necessary. In some cases—in mar- have considerable scope to deal with the enormous kets with low levels of financial literacy, for example—it range of potential transaction types that can arise under has also become necessary because applications or poli- property, liability (tort), and credit-related insurance cies are difficult to understand and, as a result, some con- arrangements. Civil law countries tend to rely on specific sumers are relying on the promotional material they sections of their civil codes or separate contracts laws receive, rather than the product documentation. (for example, the law of obligations) and sometimes on For example, in the state of Kansas in the United strict regulatory/supervisory oversight of transaction and States, regulation of complex life insurance products has sales material. been extended from prohibiting obviously incorrect or Several directives in Europe hold financial institutions misleading statements to requiring the disclosure of cer- responsible for the content of their public announce- tain specific types of information, such as regulatory limits ments. 
These include Directive 2002/65/EC, concerning placed on investment returns used in life insurance value the distance marketing of financial services, and Directive projections. This is generally more important for life insur- 1997/55/EEC, on comparative advertising. B3: DISCLOSURE OF TERMS AND CONDITIONS a. The insurer or intermediary, as relevant, should take reasonable steps to ensure that a customer is given appropriate information at point of sale about the key terms and conditions of a product, so that the customer can make an informed decision about the arrangements proposed before entering into an insurance contract. b. While the level of product information required may vary, it should include information on key features, such as the following: The name of the insurer, its legal form, and, where relevant, the group to which it belongs i. The type of insurance contract on offer, including the policy benefits ii. The level of the premium, the due date, and the period for which the premium is payable, as well as iii. the consequences of late or nonpayment Where a policy is bought in connection with other goods or services (a bundled product), premiums iv. for each benefit (both main benefits and supplementary benefits) should be disclosed separately from any other prices. Whether buying the policy is compulsory v. The type and level of charges to be deducted from or added to the quoted premium, and any charges vi. to be paid directly by the customer When the insurance cover begins and ends, including any cooling-off period associated with the sale vii. of the product A description of the risk insured by the contract and of the excluded risks viii. Prominent and clear information on significant or unusual exclusions or limitations ix. Insurance  79 c. 
Insurer salespeople and intermediaries should be required to disclose major rights and obligations under the insurance contract, including the consequences of nondisclosure and inaccuracies in information provided by the prospective policyholder, the right to cancel, and the right to complain, among others. The process for dispute resolution and contact information for internal and external third-party complaints handling mechanisms should also be disclosed.
d. Disclosure requirements should focus on the quality of product disclosure rather than the quantity of disclosure, as when disclosure becomes too voluminous, the customer may be less likely to read or comprehend the information.
e. Disclosure of key terms and conditions should occur in good time, before the signing of an insurance contract.
f. Wherever possible, a printed or electronic copy of the insurance contract, containing at minimum the information listed in clause B3(b), should be provided to the consumer at signing.
g. Each term and condition of an insurance contract should be set out in full either in the policy or in writing securely attached to it when it is issued.
h. The regulatory framework providing for clauses B3(a)–(g), above, should be applicable to consumer agreements signed electronically—for example, via mobile phones, over the Internet, and by phone recordings.

Explanatory Notes

The information provided to consumers should enable them to understand the characteristics of the product they are buying and help them understand whether and why it meets their needs, before entering into an insurance contract.

The level of information required will tend to vary according to matters such as:
• The knowledge and experience of a typical customer for the policy in question
• The policy terms and conditions, including its main benefits, exclusions, limitations, conditions, and duration
• The policy’s overall complexity and whether the policy is bought in connection with other goods and services
• Whether the same information has been provided to the customer previously and, if so, when

In regards to major rights and obligations, disclosed information should generally include the following:
• The law under which the contract is made
• The obligation to disclose material facts—including prominent and clear information on the obligation on the customer to disclose material facts truthfully
• Obligations to be complied with when a contract is concluded and during its lifetime, as well as the legal consequences of noncompliance
• The obligation to monitor cover—including a statement, where relevant, that the customer may need to review and update the cover periodically to ensure it remains adequate
• The right to cancel, including the existence, duration, and conditions relating to the right to cancel. If there are any charges related to the early cancellation or switching of a policy, this should be prominently disclosed
• The right to claim benefits, including conditions under which the policyholder can claim, and the contact details to notify a claim
• The right to complain, including how to make a complaint, the insurer’s internal dispute resolution mechanism, and the existence of any alternative dispute resolution mechanism.

International standards are generally met through principle-based requirements on insurers and intermediaries. Many jurisdictions, such as the Canadian provinces, have legally enforceable intermediary COCs setting out major obligations. These are sometimes supplemented with specific rules and training requirements on intermediaries and sales staff. Requirements for compulsory products and some investment products tend to be more prescriptive than other products. Key facts statements (KFSs) can be useful tools to help meet the requirements for this standard. (See B4, below.)

Annex III of the EU Life Assurance Directive, in particular, requires that life insurance consumers be advised of recourse mechanisms at the time of sale.

China has made consumer protection a core element of its recently updated insurance regulatory model and is pioneering cutting-edge requirements for distribution (including certain types of agents, such as bank branches) and policy type combinations (including investment-linked and participating contracts where benefit illustrations are provided). Innovations include requiring new policyholders to write in their own hand that they understand the terms of the contract they are entering into, and requiring life insurers to follow up by phone after a short period to confirm necessary information.

Group insurance, while relevant in mature markets—for example, in the form of employer-sponsored life insurance—also plays an important role in microinsurance and may require an adapted approach with respect to disclosure of terms and conditions, particularly with respect to clause B3(g), above. Some jurisdictions, such as Pakistan and South Africa, impute a contractual relationship between the insurer and the insured group members, while in other countries, the contractual relationship is only between the insurer and the group’s master policyholder. In the latter cases, the information provided to the master policyholder may differ from the information provided to the group members. In India, for example, the master policyholder receives the policy contract, while each of the individuals covered under the group receives a certificate evidencing proof of insurance and containing key details (rather than full terms and conditions), such as period of cover and the addresses of the underwriting (and the servicing) office. In Mozambique, the master policyholder has the obligation to inform the insured persons about the coverage, including rights and obligations, and the insured persons can request from the insurance company all the information necessary to ensure the effective understanding of the contract.

Whether individuals insured under group schemes are aware of their insured status is often a greater concern to regulators in developing microinsurance markets than whether they are aware of the policy terms and conditions details. Requesting that insurers provide and promote a helpline where insureds can clarify any doubts (and make complaints) is often more conducive than requiring that extensive information be provided to the consumer at the time of sale.

Remote contracting, where insurance offers are made without the physical presence of an intermediary and accepted by the insurer with the receipt of the premium, is increasingly used to serve populations that are otherwise difficult to reach sustainably, including via mobile phones and over the Internet. Such approaches require flexible and proportionate requirements to address information needs (and other acceptance procedures) appropriately, balancing practical operational needs with potential risks to consumers. The regulatory framework should seek to balance achieving sufficient disclosure and transparency for electronic channels, particularly when targeted at and used by low-literacy consumers who may not be familiar with insurance products, without impeding innovations in service delivery, particularly where beneficial for financial inclusion.

B4: KEY FACTS STATEMENTS

a.
KFSs that disclose key product terms and conditions should generally be provided to consumers of common retail insurance products before the insurance contract is entered into.
b. KFSs should be concise, effectively designed, and written in plain, easy-to-understand language, summarizing in a page or two the key terms and conditions and major risks and obligations of the specific product and allowing the comparison of similar products offered by different providers.
c. For common retail insurance products, KFSs should cover key product features such as coverage levels, deductibles, fees and charges, risks, information on cancellation, claims handling, and complaints processes, and other major rights and obligations under the contract.
d. KFSs should indicate that they do not substitute for plain language insurance policies and forms.
e. Insurance providers should be required to provide KFSs through a convenient channel, including at least the channels through which the insurance products are sold.
f. KFSs should be retained by the provider and be available for inspection for a reasonable number of years.
g. In developing KFSs requirements, the authority should work with the insurance industry and consumer groups to develop standardized templates.

Explanatory Notes

In many instances, and for a variety of reasons—including suggestions given by a salesperson—a consumer may not read the contractual terms and conditions of an agreement at all. Even when consumers want to read the terms and conditions, they may not understand them, or often the length of contracts might put them off or intimidate them, particularly in the case of less sophisticated or illiterate or low-literacy consumers, or in the case of products being delivered electronically.

A KFS is a short, plain language document that gives a prospective customer a concise summary of the key features and risks of that insurance product. The KFS is intended to reduce consumer confusion regarding what is and is not included in an insurance contract and provide consumers with a mechanism to easily compare the key aspects of different insurers’ products. KFSs are consistent with Principle 4, “Disclosure and Transparency,” of the G20 High-Level Principles on Financial Consumer Protection.

KFSs are particularly important for investment products. A KFS for a typical investment product should include the following information:
• Name and type of product
• Name of issuer and company information
• Simple description of the product
• Description of key risks and level of risk
• Fees and charges
• Intermediaries’ remuneration
• Cooling-off period
• Whether the product provides any financial guarantees

Where KFSs include descriptions about the past performance of an investment product, such descriptions should be required to be fair and honest and to accurately reflect overall performance. KFSs should also indicate that past performance is not a guarantee for future performance.

KFS requirements are usually established in regulation. In developing KFS requirements, the authority should work with the insurance industry and consumer groups to develop standardized templates for major types of retail insurance products, as comparability across providers is one of the main functions of a KFS. KFSs should be concise, so as not to increase the burden of documents that consumers need to review, and do not substitute for the need to simplify policy documents for retail insurance products. Consumer behavioral research and consumer testing of KFSs can be used to test whether a standardized template is effective, particularly with different population segments. If digital channels are being used and documentation is primarily electronic, providers should still ensure that the KFS is prominently displayed. The authority and the industry should also work together to identify any particular circumstances and situations in which it may be impractical to provide the consumer with a KFS prior to purchase—for example, telephone purchases of low-risk products that the consumer has purchased previously.

Many jurisdictions effectively use KFSs. They include Australia, Canada, the European Union, Hong Kong (for investment-linked assurance scheme products), the United Kingdom, and the United States.

B5: STATEMENTS AND ONGOING POST-SALE COMMUNICATIONS

a. Once a policy has been accepted, insurers should provide confirmation of cover and policy documentation.
b. Policy documents must be consistent with the insured’s application or an authorized amended application for insurance.
c. At a minimum, customers should receive periodic statements of the value of their policy in the case of insurance savings and investment contracts. For traditional savings contracts, this should be provided at least yearly; however, more frequent statements should be produced for investment-linked contracts. For multiyear insurance products, annual statements should be provided to confirm continuation of policy coverage.
d. Customers should be provided with renewal notices a reasonable number of days before the renewal date for non-life policies. If an insurer does not wish to renew a contract, it should also provide a reasonable notice period to allow the consumer to find replacement coverage (for example, six months, unless there are extenuating circumstances).
e.
Ongoing post-sale communications should be required to be provided using at least the channel through which the policy was sold—that is, aligned to the manner in which the policy was signed—to avoid confusion or undue burden on the consumer.
f. The same obligations listed herein apply to intermediaries where they participate in policy-servicing tasks.

Explanatory Notes

After an insurance policy is approved, it is important that the insured receive full policy documentation outlining their obligations and entitlements. In addition, during the life of the policy, the insured should receive periodic statements outlining basic information about the coverage.

In regards to life insurance policies and annuities, the following information should be required to be included at a minimum:
• Participation rights in surplus funds
• The basis of calculation and state of bonuses
• The current cash surrender value
• Premiums paid to date
• For unit-linked life insurance, a report from the investment firm (including performance of underlying funds, changes of investments, investment strategy, number and value of the units and movements during the past year, administration fees, taxes, charges and current status of the account of the contract)

For customers receiving periodic statements on the value of their policy, there should be a means to question the accuracy of the transactions recorded in the statement within a stipulated period. (See section E, “Dispute Resolution Mechanisms.”)

In practice, minimum regulatory requirements regarding the provision of information are set out in insurance contracts legislation, and requirements should be established in the policy documents themselves. Most authorities assess adherence with these requirements through policy review, investigation of complaints, and on-site review of the insurer’s policies, procedures, and internal controls related to servicing business. Insurance law rarely deals with customer account handling in any detail, partly reflecting the large variation in requirements needed for different products.

When establishing such requirements in less developed markets and low- to middle-income economies, regulators should consider the costs to the consumer and the provider. With the increased use of computers and mobile phones as channels to access and manage insurance policies, some consumers may wish to receive, access, or download statements or other types of ongoing disclosures more or less frequently. Whenever possible, choices on frequency, channels, and formats should be left to consumers. For example, insurance providers should not be prohibited from using opt-out clauses (that is, making electronic statements the default option) for certain insurance policies that are sold entirely electronically (for example, mobile microinsurance). When establishing requirements on statements or other types of ongoing disclosures, regulators should also be cognizant of constraints relating to the efficiency of the postal service or to consumers not having a formal fixed address. In such cases, insurance providers may be required to make statements available for collection by consumers in branches or outlets, or substitute paper-based statements for electronic versions.

B6: NOTIFICATION OF CHANGES IN RATES, TERMS, AND CONDITIONS

a. The insurer should notify policyholders of their rights and obligations regarding any changes in terms and conditions provided for in the policy at point of sale.
b.
If the insurer wishes to change a policy rate, term, or condition, and the change is not expressly provided for in the insurance contract, the insurer should be required to notify and seek the consent (including in electronic form, if feasible) of the policyholder to amend the contract.
c. The insurer should also notify the policyholder of major changes permitted by the contract that could affect the policyholder’s willingness to continue the policy, such as changes in insurer ownership.

Explanatory Notes

From time to time, insurers may wish to change the terms or conditions of insurance contracts affecting the interests of policyholders. In such circumstances, it is important that legislation governing the terms of insurance contracts define how those changes should be dealt with. In addition, policyholders should be made aware of significant changes in the operations of the insurer that could affect the policyholder’s willingness to continue the policy. Good public disclosure of insurer information can help in this regard. (See B7, “Public Disclosure of Insurer Information.”)

B7: PUBLIC DISCLOSURE OF INSURER INFORMATION

a. Insurers should be required to disclose relevant, comprehensive, and adequate information to consumers on a timely basis, in order to give consumers and market participants a clear view of the insurers’ business activities, performance, and financial position.
b. At a minimum, information should be disclosed on the following:
   i. Company profile (nature of business, products, external environment, business strategy and objectives, corporate structure, corporate governance framework)
   ii. Enterprise risk management and internal controls
   iii. Technical provisions (valuation method and assumptions)
   iv. Capital adequacy (capital management policy, regulatory capital resources, regulatory capital requirements, and internal model, if used)
   v. Investments (investment policy, valuation method and assumptions, sensitivity to market variables)
   vi. Financial performance (earnings, claims, pricing, investment returns)
c. Disclosed information should be provided in a manner that is useful for determining an insurer’s fair treatment of consumers—for example, it should be timely, current, meaningful, and comparable between insurers operating in the same market.

Explanatory Notes

Public disclosure of information on the business practices of insurers can be a powerful tool, influencing purchasers of insurance products and helping to ensure their fair treatment. Detailed financial and operational information is most useful to advisors and members of the specialist media, who can act as information intermediaries for the benefit of consumers. Simple metrics such as solvency ratios, complaint ratios, and financial strength ratings are more appropriate for the general consumer.

In the past, most jurisdictions have required insurers to disclose basic financial statement information, but the new Insurance Core Principles require that a much broader range of information be disclosed, including information that may be useful to the public in considering fair treatment of consumers and conduct of business risk. The core principles also require that such information be useful in decision making, timely and up to date, and comprehensive and meaningful, among other requirements.

The new standard requires regulators to reconsider disclosure requirements placed on insurers and to broaden the information that insurers must provide to the public, including aggregate information on fair treatment, such as insurer complaint handling statistics. Usually, insurers are required to provide this information on websites and in annual reports.

Internationally, this is still an area that is in transition. Leading jurisdictions on these new approaches include the United States and the United Kingdom.

C: FAIR TREATMENT AND BUSINESS CONDUCT

C1: UNFAIR TERMS AND CONDITIONS

a. There should be legislated requirements to prevent unfair terms and conditions from being established in insurance contracts or in sales practices—for example, warranty clauses, compulsory arbitration on the insurer’s terms, and so forth. In addition, the authority should have the power to prohibit unfair, deceptive, or misleading forms of contracts.
b. Claims should not be deniable or adjustable if nondisclosure of information on the part of the insured is discovered at the time of the claim but is immaterial to the proximate cause of the claim.
c. Contracts should not include unreasonably short timeframes for providing proof of loss—that is, there should be reasonable interpretation of requirements that the insured notify the insurer of the loss immediately and deliver to the insurer a proof of loss as soon as practicable.
d. Contracts should not allow unreasonable delays in loss payment after proof of loss has been provided (for example, more than 60 days in most instances).
e. Contracts should not include unfair and unreasonable provisions limiting the timeframe for commencing a court action or proceeding against an insurer in relation to the contract, be it before an external dispute resolution mechanism (see E2) or before a court of law (for example, less than two years after the date on which the cause of action against the insured arose).
f. Whenever an insurer contracts with a merchant or credit grantor (including banks and leasing companies) as a distribution channel, coercive bundling or tied selling of products should be prohibited.
Explanatory Notes

The asymmetric nature of insurance transactions has, in the past, resulted in a number of unfair practices being used in insurance contracts or in sales practices.

Unfair contractual provisions are usually dealt with through specific provisions in the law dealing with insurance contracts. This is often supplemented by providing the authority with discretionary powers to prohibit unfair, misleading, or deceptive forms of contract.

Coercive tied selling can be defined as undue pressure imposed on a consumer to obtain a product or service from a bank or its affiliates as a condition for obtaining another product or service from the bank. This means that as a banking consumer, one cannot be put in a position of undue pressure to purchase a particular insurance product from a specific insurer in exchange for being granted approval for another product or service.

C2: SALES PRACTICES AND CONFLICTS OF INTEREST

a. Regulatory requirements should ensure that high-pressure sales tactics or misrepresentations during the sales process are not permitted.
b. Insurer salespeople and intermediaries and their salespeople should be held accountable for altering customer forms or asking customers to sign blank or incomplete forms.
c. Insurer salespeople and intermediaries should be held accountable for verbal misrepresentations or half-truths or omissions in the sale of insurance products.
d. Insurer salespeople and intermediaries should be held accountable for downplaying or dismissing warnings or cautionary statements in written sales materials.
e. Insurer salespeople and intermediaries should be held accountable for proper handling and remittance of client funds to the insurer.
f. Insurers and intermediaries should be required to disclose any potential conflicts of interest where they cannot be avoided, particularly when customers receive advice from a licensed financial adviser before concluding an insurance contract.
Explanatory Notes

Inappropriate sales practices

High-pressure sales tactics and other inappropriate sales practices sometimes found in multilevel selling should be prohibited through regulatory rules or a code of practice applying to salespeople and intermediaries. Establishment of such requirements should be accompanied by a system to investigate perceived contraventions and penalize those who have been found to violate the requirements.

The main sources of guidance on insurance sales practices in the European Union are the EU Insurance Distribution Directive, the consolidated Life Assurance Directive (chapter 4 and annex III), the numerous directives covering non-life insurance and motor insurance, and the Mediation Directive. Some EU members, such as the United Kingdom, have disclosure and sales practices that are substantially stronger than those of the Life Assurance Directive and the Mediation Directive, including requiring that full records (sometimes including recordings) of sales transactions are maintained.

In addition, regulation should ensure that providers of digital finance keep records of consumer transactions, marketing materials, and other forms of disclosure; have such records available for the supervisor; and provide copies to consumers upon request.

This approach imposes operational costs that may be difficult to recover through margins for policies with very low premiums and could constitute a potential obstacle to microinsurance. In such cases, authorities may want to pay particular attention up front to sales materials and procedures instead. For products with low premiums or short policy durations (hence frequent renewals) that are often characterized by nontraditional distribution and a bundled nature, policy makers may wish to consider requirements for sales practices that are proportionate and should motivate insurers—who retain ultimate responsibility—to develop suitable approaches, such as intermediary COCs. Standardized microinsurance products whose features are disseminated via mass media, and standardized KFSs customized to microinsurance products and customers, are other alternatives to regulating sales transactions.

Other important directives include Directive 2002/65/EC of the European Parliament and Council concerning the distance marketing of consumer financial services; Directive 97/55/EC on comparative advertising; and Directive 2005/29/EC on unfair commercial practices, which sets out misleading practices (Articles 6 and 7) with 23 examples in the annex, and aggressive practices (Articles 8 and 9) with 8 examples. In Article 10, it is explicitly stated that unfair commercial practices may be controlled through COCs. Further, there can be recourse to out-of-court settlement, but the latter is not equivalent to judicial or administrative recourse.

Managing potential conflicts of interest

Conflicts of interest can take many forms, but perhaps the most common results from inducements paid to salespeople and intermediaries.10 An inducement can be defined as a benefit offered to an insurer or intermediary, or any person acting on its behalf, with a view to that firm/person adopting a particular course of action. This can include but is not limited to cash, cash equivalents, commission, goods, and hospitality. Conflicts of interest can arise when intermediaries or salespeople who represent the interests of customers receive inducements from insurers affecting the independence of advice given to the customer.

To ensure that insurers and insurance intermediaries act in the best interests of customers, it is important that the authority require that all reasonable steps be taken to identify and manage conflicts of interest through appropriate policies and procedures. This is primarily an issue for the life insurance industry and the sale of investment products.

Conflicts of interest may be managed in different ways. Appropriate disclosure and informed consent from customers is the most common approach. Many jurisdictions require that consumers be informed whether the intermediary selling them an insurance contract is acting for them or for the insurer, and whether the intermediary will receive a commission for the sale of the product. Sometimes jurisdictions will also require disclosure of the amount of the commission for major investment products. Conflicts of interest may also be managed through rules on compensation arrangements, as further addressed in C7, “Compensation of Staff, Agents, and Intermediaries.” Policy makers in emerging markets should also consider how best to adapt disclosure practices for mature clients in mature markets for first-time insurance clients in emerging markets, particularly to balance policy interests in increasing outreach/inclusion with consumer protection.

Managing conflicts becomes particularly important when an intermediary is a licensed financial adviser. It has been recognized that different remuneration structures, including kickbacks and commissions, have created adverse incentives for advisers, sometimes leading to aggressive sales practices being mislabeled as “independent advice.” This has become an issue particularly in the area of complex and long-term products such as life insurance policies. In order to address this challenge and regulatory gap, some countries have adopted rules specifically governing the provision of financial advice intended to address these potential conflicts of interests. Australia imposes an obligation on financial advisers to provide fee-disclosure statements and an opt-in obligation that requires advisers to renew their clients’ agreement to ongoing fees every two years. In Singapore, where the Financial Adviser Act applies to licensed financial advisers who provide advice on investment and life insurance products, financial advisers must disclose, in writing, all remuneration, including any commission, fee, and other benefit, for making any recommendation. If remuneration is not quantifiable, the financial adviser should give its client a description of how it will be remunerated.

C3: PRODUCT SUITABILITY

a. Insurers should take into account the needs and interests of different types of customers when developing and marketing insurance products, to ensure that products are not mis-sold.
b. Before concluding a contract or giving advice regarding an insurance product, insurance salespeople and intermediaries should obtain, record, and retain sufficient information from their customers to assess the customer’s insurance needs—for example, the customer’s financial knowledge and experience, needs, priorities, circumstances, ability to afford the product, and risk profile.
c. Insurers and intermediaries should ensure that, where consumers receive advice before concluding an insurance contract, such advice is appropriate to the consumer’s disclosed needs and circumstances. They should also retain a record of the advice provided.

Explanatory Notes

Product development and suitability

Requirements to take into account the interests of different types of consumers generally take two forms. In some jurisdictions, a product approval approach is required, whereby the authority reviews insurance products to ensure that they are appropriate for a target market and are unlikely to be mis-sold. In other jurisdictions, a principles-based approach is followed, which places the onus on the insurer’s board and senior management to ensure that the products it develops are marketed in a responsible manner. Many jurisdictions in the United States follow the first approach, while the United Kingdom follows the latter.

In countries where the insurance sector is in an early stage of development, consideration should be given to the extent to which product suitability rules can be practically applied without substantially overburdening insurers and intermediaries and impairing the healthy growth of the insurance sector. In countries where the provision of insurance products via digital channels is evolving fast, such as via mobile phones and the Internet, suitability requirements may need to be adapted for new, innovative business models. For example, data analytics based on big data and alternative data may not be appropriate in all circumstances as a complete substitute for individual assessments of product suitability.

Providing advice

Provision of advice goes beyond providing basic product information and relates specifically to the provision of a recommendation on the appropriateness of a product to the disclosed needs of the customer. Insurers and intermediaries should seek information from their customers that is appropriate for assessing their insurance needs before giving advice or concluding a contract. They should also document the information they receive. This information may differ depending on the type of product and may, for example, include information on the customer’s

• Financial knowledge and experience;
• Needs, priorities, and circumstances;
• Ability to afford the product; and
• Risk profile.

In cases where advice would normally be expected and the customer chooses not to receive advice, it is advisable that the customer be required to sign an acknowledgment to this effect. The authority may also wish to specify particular types of policies or customers for which advice is not expected to be given, such as for very simple products.

C4: CUSTOMER MOBILITY AND COOLING-OFF PERIODS

a. When an insured cancels a general insurance contract to which no cooling-off period applies, the insurer should provide, at a minimum, a refund of unearned premium less a short-rate cancellation penalty (for example, 10 percent of unearned premium), unless an alternative provision is specified in the contract.
b. There should be a reasonable cooling-off period associated with the sale of any traditional investment or long-term life savings contract, to deal with possible high-pressure selling and mis-selling.
c. A cooling-off period is also appropriate for distance marketing sales of insurance products.

Explanatory Notes

Cancellation of insurance contracts

Legislation covering general insurance contracts should establish standards for the refund of unearned premiums when an insured decides to terminate the contract and there is no specific provision in the policy. Typically, such provisions require the insurer to refund unearned premiums less a reasonable fee for administrative cost.

In some circumstances, however, due to the special nature of the product (such as hard-to-place insurance coverage or index-based insurance, where the insured can predict the likelihood of claims payment before the end of the insurance duration), alternative provisions in the case of cancellation may be specified in the insurance contract. In such cases, consumers should be made aware of such provisions when the features of the contract are explained to them.

Cooling-off periods

These provisions are intended to address situations where a consumer should have the opportunity to step back and cancel a contract within a reasonable period after it has been signed. Cooling-off periods are typical for financial products or services with a long-term savings component (such as life insurance), complex financial products (such as life insurance), costly long-term financial products (such as regular investments), or products that are subject to high-pressure or unconventional sales tactics (such as life insurance, consumer credit, and some types of investments). Typically, cooling-off periods have been adopted for life insurance products due to their specific features: (i) highly abstract products and risks, (ii) long-term timelines, (iii) frequent investment components, (iv) difficulty verifying the quality of products in advance, (v) sales through agent and broker networks, and (vi) associations with aggressive sales techniques and mis-selling. For instance, consumers may be exposed to pressurizing sales tactics exaggerating concerns about the family after the breadwinner’s death. Another area typical for cooling-off periods would be non-life insurance policies with characteristics similar to those noted above. Cooling-off periods have also been traditionally adopted for door-to-door sales.

Cooling-off periods should also be considered for insurance products sold remotely without human contact, such as by phone or over the Internet, given that the consumer may not fully understand the product and that a salesperson will have less chance to comprehend whether the consumer has understood the key features and risks of the product given the more limited in-person interaction. In France, a cooling-off period applies to all insurance products sold via distance marketing channels.

Not all insurance products require a cooling-off period, however. Typically, cooling-off periods are not appropriate for products and services determined for immediate consumption or susceptible to fast alteration, such as short-term investments.

Cooling-off periods are an important safeguard that enables an individual to withdraw from an arrangement with impunity. A consumer is granted a time period of a reasonable number of days (at least three to five business days) immediately following the signing of any agreement between the financial institution and the consumer, during which the consumer may cancel the contract without providing any specific reason. Specifically, the consumer should be permitted to cancel or treat the agreement as null and void without penalty of any kind (unless the cooling-off period is explicitly waived in advance by a consumer in writing). When justified, necessary and reasonable expenses incurred by the financial institution due to cancelation of the contract (for example, an administration fee) may not be returned to the customer, thus presenting the only burden borne by the customer in relation to exercise of the cooling-off period right.11

Policy makers should take into account multiple issues when considering a cooling-off period. Specifically and prominently, policy makers should assess whether consumers are likely to be susceptible or subjected to (i) emotional decisions, (ii) shopping without comparison, (iii) sales pressure, (iv) information asymmetry, and (v) mis-selling. In such situations, cooling-off periods may provide additional time for reflection, information research, and comparison shopping.

The right of withdrawal is enshrined in Article 6 of the EU directive on distance marketing of consumer financial services. According to its provisions, the consumer has the right to withdraw from a contract without penalty and without giving any reasons. The periods vary by product and are longer for insurance contracts. The period of withdrawal typically begins with the conclusion of the contract and typically is in the range of two weeks (14 calendar days, as stated in the aforementioned directive). The EU Life Assurance Directive specifies a cooling-off period of between 14 and 30 days after the “contract has been concluded.”

Cooling-off periods are common for long-term insurance products such as life insurance in developed countries, such as Singapore, and in some emerging markets. They cover a relatively wide range of insurance products in other countries, such as Australia.12 Typically, cooling-off periods for long-term insurance products are longer than cooling-off periods for securities (including investment-linked life contracts) because of the onerous early-termination penalties that apply to many traditional life insurance savings contracts. In other countries, such as Japan, certain products such as variable annuities have cooling-off periods incorporated into their design.

C5: PROFESSIONAL COMPETENCE

a. Key insurer staff, including directors, senior management, and people in charge of control functions, should be suitable to fulfill their roles. The regulatory framework should require that key officers and directors be able to demonstrate competence and integrity to the authority.
b. Indicators of integrity can include the absence of a criminal record; the absence of financial misconduct, personal bankruptcy, or serious regulatory breach; and the absence of disputes with previous employers concerning incorrect fulfillment of responsibilities. Indicators of competence include professional education, training, and experience directly related to the requirements of the position.
c. Insurer salespeople and insurance intermediaries engaged in the activity of soliciting, negotiating, or selling insurance contracts should possess high levels of integrity and competence.
d. For intermediaries, professional competence should be assessed through ongoing licensing, disciplinary, and professional development requirements. For insurer sales staff, this can be assessed through examination of internal training and control systems of the insurer.

Explanatory Notes

As insurance is a business of trust, it is important that key insurer staff, insurer sales staff, and intermediaries be fit and proper. For key insurer staff, professional knowledge, experience, and training requirements usually depend on the specific business the insurer is engaged in and the person’s position in the organization. For sales staff and intermediaries, competence relates to how individuals perform their responsibilities at point of sale.

In practice, regulation and supervision of these requirements is conducted through a combination of licensing and ongoing supervision activities. Complex products require greater knowledge and experience than simple ones, and licensing systems usually require a higher licensing standard for those who engage in their sale. Many jurisdictions have established separate graduated licensing programs for general and life insurance, requiring completion of a defined curriculum and examinations for each level of licensing. Leading jurisdictions in this area include Australia, Canada, Singapore, South Africa, and the United Kingdom.

C6: AGENTS AND INTERMEDIARIES

a. Regulations should clearly specify agent and intermediary licensing requirements.
b. Licensing regimes should include requirements for suitability, competency, professional conduct, and discipline of intermediaries.
c. As part of their licensing requirements, agents and brokers should be required to hold professional errors-and-omissions insurance relating to the conduct of their business.
d. Licensing requirements should not relieve insurers from responsibility for appropriate oversight and control of their in-house sales staff and their agency distribution channels.

Explanatory Notes

As discussed above, insurance agents and intermediaries should be licensed. Licensing helps ensure that interactions with consumers at point of sale, which generally result in a large portion of insurance consumer complaints, are conducted in a professional manner. The licensing function should extend beyond simple registration and include clear requirements for suitability, competency, professional conduct, and discipline. Professional indemnity insurance should also be required for error and omissions by intermediaries in the conduct of insurance business.

Establishment of a licensing system should not be viewed as relieving insurers of their responsibility to oversee and control their product distribution network, nor should it be interpreted as excluding the insurer’s liability for agent or broker misconduct. Insurers should closely monitor agents and intermediaries on an ongoing basis. Monitoring should include the following:

• Establishment of clear policies, procedures, and controls to address conduct of business risks in agency agreements
• Training and testing activities
• Observing interviews with clients
• Audit of client files
• Complaints handling investigations

In countries where inclusive insurance is developing with the use of alternative distribution channels that are able to overcome previous barriers to delivery, regulators should consider crafting tailored requirements so that they support innovative distribution channels while addressing the particular consumer protection challenges raised by such channels. One way of doing this is to define and regulate microinsurance, and to allow special distribution channels for it, while also requiring special consumer protection measures—for example, with respect to product simplicity, financial literacy levels of target consumers, and service levels.

C7: COMPENSATION OF STAFF, AGENTS, AND INTERMEDIARIES

a. Insurers and intermediaries should be required to have a compensation policy that does not induce excessive and inappropriate risk taking and is in line with ensuring the fair treatment of consumers.
b. Such policies should require that the use of heavy front-end loaded commission schemes that induce unnecessary churning of insurance policies is prohibited.
c. To the extent possible, remuneration practices should not result in conflicts of interest on the part of insurer sales staff and intermediaries. If they do, the insurer should ensure that conflicts are properly managed.
d. To the extent possible, prior to the sale of most products or services that will result in a commission to a staff member or an agent, the fact of the commission and its amount should be disclosed to the consumer.
Explanatory Notes

As noted in C2, “Sales Practices and Conflicts of Interest,” conflicts of interest with respect to staff and agent compensation may be managed in different ways. In cases where the authority may have concerns about the ability of disclosure to deal adequately with conflicts of interest, the authority may consider requiring other options with respect to the structure of compensation models for staff and agents in order for insurers and intermediaries to manage such conflicts.

Examples from some jurisdictions in place or under consideration include:

• Requiring the insurer or the intermediary to decline the transaction
• Prohibitions on certain types of financial interest, such as contingent commissions to intermediaries based on volume of insurance business or profitability of business
• Structural changes to the retail distribution model, such as by prohibiting the payment or receipt of commission for transactions of investment products in favor of an approach based on flat fees, as is currently proposed in South Africa

In the most advanced jurisdictions, strong mechanisms to protect consumers from conflicts of interest have evolved over a long time while insurance markets matured.13 In most countries, that is not yet the case. Often, a more immediate policy priority is how to include more people in formal insurance markets. In such circumstances, the conflicts of interest that are inevitable in insurance should be approached accordingly. For example, a particular distribution channel may reach large numbers of consumers that would not otherwise be served by insurers in a cost-effective and sustainable manner, but the channel may demand a (proportionately) high commission. The fact that consumers buy and renew such insurance may be taken as evidence that the utility of such products outweighs the possible drawbacks from conflicting interests and imbalanced bargaining power.
D: DATA PROTECTION AND PRIVACY14

D1: LAWFUL COLLECTION AND USAGE OF CUSTOMER DATA

a. Insurers and intermediaries should be allowed to collect customers’ data within the limits established by law or regulation and, where applicable, with the customer’s consent.
b. The law or regulation should establish rules for the lawful collection and use of data by insurers and intermediaries, including when consumer consent is required, and clearly establishing at a minimum
   i. How data can be lawfully collected;
   ii. How data can be lawfully retained;
   iii. The purposes for which data can be collected; and
   iv. The types of data that can be collected.
c. The law or regulation should provide the minimum period for retaining all customer records, and throughout this period, the customer should be provided ready access to such records for a reasonable cost or at no cost.
d. For data collected and retained by insurers and intermediaries, insurers and intermediaries should be required to comply with data privacy and confidentiality requirements that limit the use of consumer data exclusively to the purposes specified at the time the data were collected or as permitted by law, or otherwise specifically agreed with the consumer.
e. Legislation should provide a means by which individuals can correct what they believe to be erroneous personal information.
f. If individuals have concerns or complaints regarding the handling of their personal information, the insurer should have an officer to handle enquiries and complaints regarding personal information.
Explanatory Notes

Insurers and intermediaries collect many different types of information from and regarding their customers, including personal information, contact details, consumer agreements, and so forth. Given the potential for abuse and misuse of such information, it is essential that this type of collection is regulated to avoid the risk of potential harm to consumers. For example, insurers and intermediaries may otherwise collect sensitive data and use the information for unfit purposes that may harm consumers—for example, to sell them products at higher prices. The various reasons for ensuring privacy and data protection include:

• The sensitivity of the personal information held and used in insurance products
• The extensive information flows that take place, such as between insurers and intermediaries and between members of a corporate group that includes one or more financial service providers
• The ever-increasing likelihood of information being received and held electronically, with a corresponding increase in the risk of remote, unauthorized access
• The fact that privacy is a fundamental human right deserving of protection, as indicated in various international instruments to which many countries are signatories15

Insurers and intermediaries should be allowed to legally collect, retain, and use personal information after obtaining lawful and informed consent from the consumer or on some other legitimate basis, including when related to the provision of the specific insurance product or service the consumer acquired. International guidance is clear in establishing that “the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.”16 While the concept of lawful collection of data differs substantially both among jurisdictions and among international guidance and principles, lawful and informed consent represents an underlying and cross-cutting theme. What constitutes informed consent can also pose challenges, particularly where adhesion contracts are common, or with respect to mobile or internet insurance.

Further, following the approach of treating data privacy as a human right, Convention 108 of the Council of Europe (COE Convention)17 establishes that data shall undergo automatic processing only for a legitimate purpose, and that certain categories of sensitive data cannot be processed automatically, unless national legislation provides appropriate safeguards.18

Insurers and intermediaries may also have incentives to store personal information for longer than necessary. Therefore, the major international instruments also require limitations be placed on data retention.19 For example, the COE Convention states that data must be “preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored.”20

Overall, a guiding principle for legislative requirements in this area is that an insurer, an intermediary, or a related service provider should ensure that personal information in its custody or under its control is used only for the purpose for which that information was obtained or compiled, or for a use consistent with that purpose—for example, the use has a reasonable and direct connection to that purpose and is necessary for the insurer, intermediary, or service provider to fulfill its obligations to the client. Information should be considered legally used only if it is processed for the purpose it was collected. If this issue is not regulated by law or regulation, there is a risk that insurers and intermediaries may collect information for certain purposes for which customers may be willing to give consent, but then use that same information for other purposes that may be detrimental to customers’ interests and for which the customer may not otherwise have given consent. In addition, personal information should be obtained directly from the individual who applies for a policy. If information is required from any other source, the individual concerned should be notified, and the person’s written authorization should be obtained whenever possible.

The use of medical and genetic (biometric) information for the acceptance/decline and rating of life-related risks is currently an area of debate but is not within the scope of these Good Practices.

D2: CONFIDENTIALITY AND SECURITY OF CUSTOMERS’ INFORMATION

a. Insurers and intermediaries should be required to have and implement policies and procedures to ensure confidentiality, security, and integrity of all data stored in their databases that relate to their customers’ personal information, accounts, and transactions.
b. In order to ensure confidentiality, when establishing policies and procedures, insurers and intermediaries should also establish different levels of permissible access to customers’ data for employees, depending on the role they play within the organization and the different needs they may have to access such data.
c. In order to maintain the security of customers’ data, insurers and intermediaries should also be required to have and implement policies and procedures to ensure security related to networks and databases.
d. Insurers and intermediaries should be held legally liable for misuse of consumer data.
e. Insurers and intermediaries should be held legally liable for any breaches in data security that result in loss or other harm to the customer and should put in place clear procedures to deal with security breaches, including mechanisms to reimburse or compensate consumers.
Explanatory Notes confidentiality and the security of personal information. In the insurance business, information confidentiality and Information that a consumer expects to be confidential security is obviously important since the collection, stor- should be treated as such. Customers should be informed age, and processing of information can involve a signifi- about which information might be disclosed and to cant amount of financial, medical, and personal information. whom. In addition, treatment of personal information Safeguarding personal and financial data is one of the key should not depend on the medium through which the responsibilities of the financial services industry and par- information is received—that is, written, electronic, and ticularly insurance intermediaries. so forth. While legislative requirements are often estab- Although consumer protection and privacy regula- lished in general laws or regulations, the conduct of insur- tions vary from jurisdiction to jurisdiction, insurers and ers and intermediaries with regard to compliance with intermediaries have a clear responsibility to provide their these requirements should be part of the ongoing super- customers with a level of comfort regarding information vision and assessment work of the authority. 92   Good Practices for Financial Consumer Protection The confidentiality of personally identifiable informa- sonal data (chapter 1, articles 1–3), the COE Convention tion—that is, any information about an identified or iden- (chapter 1, “General Provisions”), and the APEC Privacy tifiable individual—is protected under several international Framework (part ii, “Scope”). agreements, such as the Organisation for Economic Technical security is also demanded under the above Co-operation and Development’s (OECD) Guidelines guidelines and directives. 
A more detailed guideline on Governing the Protection of Privacy and Transborder such security has been provided by the OECD Guidelines Flows of Personal Data (Article 2, “Scope of Guidelines”) for the Security of Information Systems and Networks. and the United Nations’ Guidelines for the Regulation of In the United States, the Federal Trade Commission Computerized Personal Data Files, adopted by the Gen- has established guidelines in the form of Standards for eral Assembly on December 14, 1990 (section A, “Princi- Safeguarding Customer Information, which obligates ples Concerning the Minimum Guarantees That Should financial institutions to hold customer information secure Be Provided in National Legislation”). Further, important and confidential.21 In Canada, insurers are bound by per- statutes are the EU Directive 1995/46/EC, on the protec- sonal information and privacy law requirements. tion of individuals with regard to the processing of per- D3: SHARING CUSTOMER INFORMATION a. The law should provide for rules for the release to and use of customer information by certain third parties such as government authorities, credit registries or credit bureaus, and collection agencies. b. Whenever an insurance provider is required to share a customer’s information with third parties by law, the provider should be required to inform the customer in writing in a timely manner of The third party’s precise request i. The specific information about the consumer that has been or will be provided ii. How and when that information has been or will be provided and how it will be used iii. c. 
Subject to the exceptions noted in clauses D3(a) and (b), above, the sharing of a customer’s personal information with third parties should require the customer’s prior written consent as to the form and purposes for which the information is shared, unless the third party is a reinsurer, an agent of the insurer, or the intermediary, and the information is being used for a purpose that is consistent with the purpose for which that information was originally obtained.
d. Before any such sharing for the first time, the insurance provider should be required to first inform the consumer in writing of his or her data privacy rights in this respect.
e. Insurance providers should be required to allow consumers to stop or opt out of the authorized sharing of information regarding the consumer by the financial service provider (unless such sharing is mandated by law).
f. In the case of tied products, the consumer should be informed if a third party will have access to the consumer’s information.
g. Unless it is a credit bureau or credit registry, the law should prohibit the disclosure of the personal information by a third party with whom the client’s information is shared.

Explanatory Notes

Customers should be aware of how information can be shared with third parties, including within the various units or subsidiaries of a financial institution. Insurers and intermediaries should be prohibited from disclosing consumer information to third parties for unauthorized—that is, without the consumer’s prior consent—uses, such as for marketing purposes.

Many of these shared uses can be beneficial for a customer, but the customer has the right to affirmatively state that consent is given to such information sharing, even though it may be limited only to the specific uses to which the customer consents. Protection of personal information should extend to third parties with whom an insurer or intermediary may wish to deal. If the information is to be used for a purpose other than originally intended, the individual should be notified and their consent should be sought. A customer should also be able to opt out of sharing non-policy related information if the customer does not find such information sharing to be useful or beneficial to him or her.

Governmental regulatory authorities have the need to obtain customer information for regulatory purposes and law enforcement purposes, such as to monitor suspicious transactions for the purposes of anti–money laundering/combatting the financing of terrorism (AML/CFT). The instances where this is permitted, as well as procedures for notification or situations where notification is not required, should be stated clearly in the law.

E: DISPUTE RESOLUTION MECHANISMS

E1: INTERNAL COMPLAINTS HANDLING

a. Insurers and intermediaries should be required to have an adequate structure in place as well as written policies regarding their complaints handling procedures and systems – that is, a complaints handling function or unit, with a designated member of senior management responsible for this area, to resolve complaints registered by consumers against the insurer or intermediary effectively, promptly and justly.
b. Insurers and intermediaries should be required to comply with minimum standards with respect to their complaints handling function and procedures. These include the following:
   i. Resolve a complaint within a maximum number of days, which should not be longer than the maximum period applicable to a third-party external dispute resolution mechanism. (See E2.)
   ii. Make available a range of channels, such as telephone, fax, email, web, and so forth, for submitting consumer complaints appropriate to the type of consumers served and their physical location, including offering a toll-free telephone number to the extent possible, depending on the size and complexity of the insurance provider’s operations.
   iii. Widely publicize clear information on how a consumer may submit a complaint and the channels made available for that purpose, including on insurers’ and intermediaries’ websites, marketing and sales materials, KFSs, standard agreements, and locations where their products and services are sold, such as branches, agents, and alternative distribution channels. (See B1, “Format and Manner of Disclosure.”)
   iv. Publicize and inform consumers throughout the complaints handling process, and particularly in the final response to the consumer, regarding the availability of any existing ADR schemes. (See E2.)
   v. Adequately train staff and agents who handle consumer complaints.
   vi. Keep the complaints handling function independent from business units such as marketing, sales, and product design, to ensure fair and unbiased handling of the complaints, to the extent possible, depending on the size and complexity of the insurer or intermediary.
   vii. Within a short period following the date the insurer or intermediary receives a complaint, acknowledge receipt of the complaint in a durable medium—that is, in writing or in another form or manner that the consumer can store—and inform the consumer about the maximum period within which the insurer or intermediary will give a final response and by what means.
   viii. Within the maximum number of days, inform the consumer in a durable medium of the insurer’s or intermediary’s decision with respect to the complaint and, where applicable, explain the terms of any settlement being offered to the consumer.
   ix. Keep written records of all complaints, while not requiring that the complaint itself be submitted in writing—that is, allow for oral submission.
c. Insurers and intermediaries should be required to maintain and make available to the supervisory authority up-to-date and detailed records of all individual complaints.
d.
The insurer’s or intermediary’s complaints handling and database system should allow the insurer or intermediary to report complaints statistics to the supervisory authority.
e. Insurers and intermediaries should be encouraged to use analysis of complaints information to continuously improve their policies, procedures, and products.

Explanatory Notes

Complaints handling policies should be in a form that is satisfactory to the authority and should also be approved by the insurer’s board. A complaint can be defined as an expression of dissatisfaction about the service provided by an insurer or intermediary. A complaint may involve a claim for a financial loss but does not include a pure request for information. Knowledge of and access to complaints and redress mechanisms among emerging customers with low financial literacy deserve particular attention.

As an accumulation of complaints against insurers or intermediaries can indicate possible conduct of business (or solvency) problems, an ongoing analysis of policyholders’ complaints is a key tool for conduct of business supervision in most insurance markets. Another key tool is firm-specific supervisory activity (see A4, above) to determine that the complaints handling policies and procedures are effective and being adhered to.

As insurers and intermediaries increasingly leverage alternative distribution channels for product and service delivery, the role of such channels in internal complaints handling should be considered. For example, when insurers and intermediaries serve consumers primarily through agents that are closer in physical proximity to the consumer, agents should be properly trained to receive and resolve simple complaints or to forward the complaint to the insurer or intermediaries’ complaints handling unit.

Requirements for complaints handling policies are becoming common in several jurisdictions including Australia, Canada, the European Union, Malaysia, Singapore, and the United States.

For further details, see the explanatory notes for E1 in chapter 1, “Deposit and Credit Products and Services.”

E2: OUT-OF-COURT FORMAL DISPUTE RESOLUTION MECHANISMS

a. If consumers are unsatisfied with decisions resulting from the internal complaints handling at the insurer level, they should have the right to appeal, within a reasonable timeframe (for example, 90 to 180 days), to an out-of-court ADR body, that
   i. Has powers to issue decisions on each case that are binding on the insurer (but not binding on the consumer);
   ii. Is independent of both parties and discharges its functions impartially;
   iii. Is staffed by professionals trained in the subject(s) they deal with;
   iv. Has an adequate oversight structure that ensures efficient operations;
   v. Is financed adequately and on a sustainable basis;
   vi. Is free of charge to the consumer; and
   vii. Is accessible to consumers.
b. The existence of the ADR, its contact details, and basic information relating to its procedures should be made known to consumers through a wide range of means, including when a complaint is finalized at the insurer or intermediary level.
c. If the ADR has a member-based structure, all insurers should be required to be members.

Explanatory Notes

A specialized insurance ombudsman or insurance claims and inquiries service (sometimes as part of an omnibus ombudsman service, as in the United Kingdom) is increasingly regarded as a fundamental requirement for sound consumer protection. Twenty-eight countries are currently members of the International Network of Financial Services Ombudsman Schemes.22 However, it can be difficult for an ombudsman to mediate and ameliorate the problems faced by policyholders effectively without clear codes of insurance practice and standardized contracts.

One of the most advanced systems is in Australia, where an insurance inquiries and complaints resolution system based at a self-regulatory organization has evolved into a fully-fledged financial services ombudsman.23 Some countries also use small claims courts to provide an affordable means for the average customer to bring action against sellers, service providers, and corporations. However, such courts often lack sufficient transparency, capacity, or specialized expertise in insurance issues.

For further details, see the explanatory notes for E2 in chapter 1, “Deposit and Credit Products and Services.”

F: GUARANTEE SCHEMES AND INSOLVENCY

F1: GUARANTEE SCHEMES AND INSOLVENCY

a. The existence of a policyholder protection scheme should be complementary to (not a substitute for) an effective and well-functioning insurance regulatory and supervisory system.
b. The existence of a policyholder protection scheme should not be viewed as a substitute for meeting international standards with respect to the windup and exit of insurers from the market. These include
   i. Establishment of clear procedures for the windup and exit of an insurer in legislation that minimize the disruption and timely provision of benefits to policyholders
   ii. Giving the rights and entitlements of policyholders a high legal priority in the event of an insurer liquidation and windup
c. Legislation establishing policyholder protection schemes should require clear specification of policyholders that are covered, classes of insurance covered, the limits of coverage, and mechanism for making a claim.
d. Policyholder protection schemes, because of their opaque nature, should be subject to rigorous public reporting requirements and independent supervision and oversight to help ensure that they have the ability to meet their obligations.
e.
Consumers should be provided with clear information on what classes of insurance, products, and policyholders are covered, and the mechanism for making a claim.

Explanatory Notes

While effective insurance regulation and supervision of insurers can reduce the risk of harm to consumers, they cannot eliminate it. As a result, many jurisdictions have established policyholder protection schemes, the aim of which is to provide a minimum level of compensation to policyholders in the event of an insurer insolvency and/or license revocation. The intent of these schemes is to guarantee, in whole or in part, due payment of benefits or covered claims under insurance policies at the time of an insurer failure. Well-run schemes include those operating in Canada and the United States.

In the event of a failure of a non-life insurer, a liquidator is usually appointed to manage the windup of its operations, and policyholders are advised to arrange new coverage with another (solvent) insurer in the market. Those who have outstanding claims become creditors in the liquidation process and may or may not receive payment during the windup. Policyholder protection schemes usually offer full or partial coverage to policyholders for potential losses and act on behalf of the claimants in the liquidation process. In many jurisdictions, these schemes are restricted to compulsory classes of insurance, but in some, they cover a broader range of products.

With life insurance products, while the objectives of the protection scheme and its involvement in the windup process are similar, the products are often more sophisticated and, often, insurer policies have longer terms and complex benefit provisions. As a result, the tools used by the liquidator to liquidate, and the involvement of the policyholder protection scheme to ensure the payment of guaranteed benefits, are more complex.

While the establishment of policyholder protection schemes can bring a level of protection for consumers, they also bring certain risks that need to be considered when assessing consumer protection standards within a jurisdiction. First, these schemes are complicated to establish, complicated to run, and difficult for consumers to understand. Consumers need to be provided with clear information on what classes of insurance, products, and policyholders are covered, and the mechanism for making a claim. In addition, scheme funding needs are complex, involving sophisticated actuarial analysis and a combination of pre- and post-failure assessments and credit facilities. If schemes are poorly designed and run, they may result in insurance consumers having a false expectation of protection that leaves them in a poorer financial position than if no scheme existed.

Second, if policyholder protection schemes are not complemented by an effective and well-functioning regulatory and supervisory system, they may end up being liable for substantially greater risk and financial payouts than originally intended. Third, unless there are clear policies, procedures, and requirements for the liquidation and windup of insurers, they are likely to be ineffective in meeting their stated purpose and simply complicate the liquidation process.

The following papers provide a thorough discussion of the risks and benefits of these schemes:

“Policyholder Protection Schemes: Selected Considerations,” Working Papers on Finance, Insurance and Private Pensions 31 (OECD, 2013)
“Issues Paper on Policyholder Protection Schemes” (IAIS, 2013)

NOTES

1. See Mark King, “FSA Wins PPI Battle in High Court,” The Guardian, April 20, 2011, regarding the inappropriate sale of payment protection insurance.
2. The term conduct of business is used in this chapter as the equivalent of market conduct or financial consumer protection, as it is the term used more frequently in the insurance sector.
3. “Application Paper on Regulation and Supervision Supporting Inclusive Insurance Markets” (IAIS, 2012).
4. EcoLife was a free life insurance product (“freemium”) made available by Econet as part of a loyalty program. The product scaled up rapidly but was withdrawn after seven months as a result of a dispute over royalties between the partnering parties (Econet, FML, and Trustco). As a result, around 1.6 million Zimbabweans lost coverage and were not compensated. For further details, see http://www.finmark.org.za/wp-content/uploads/pubs/Rep_M_insurance_Zimbabwe_20142.pdf and http://www.southerneye.co.zw/2013/12/01/first-mutual-life-clients-limbo/.
5. “Issues Paper on Conduct of Business in Inclusive Insurance” (IAIS, 2015).
6. “Insurance Core Principles,” as updated through 2015 (IAIS, 2011).
7. http://www.mas.gov.sg/~/media/resource/legislation_guidelines/fin_advisers/fin_advisers_act/guidelines/FAA_G04.
8. http://www.clhia.ca/domino/html/clhia/CLHIA_LP4W_LND_Webstation.nsf/page/AB6B645E4DCB1B818525780E0064AB58?OpenDocument.
9. Flesch-Kincaid readability tests are designed to indicate how difficult a passage in English is to understand. There are two tests, the Flesch Reading Ease and the Flesch-Kincaid Grade Level. They use the same core measures: word length and sentence length.
10. See “Issues Paper on Conduct of Business Risk and Its Management” (IAIS, 2015) for an extensive discussion on this point.
11. Regulators may consider imposing caps on the reasonable expenses to be charged in order to prevent financial institutions from charging exorbitant fees and thus discouraging consumers from exercising their rights.
12. See http://www.asic.gov.au/fido/fido.nsf/byheadline/Cooling+off+rights?openDocument.
13. Readers may wish to review recent EIOPA work on the inducement part of the 2016 EU Insurance Distribution Directive, as well as Article 17.
14. Insurers and intermediaries gather vast amounts of data, including personal information, in order to conduct their daily tasks. This information is sensitive to misuse or breaches, which has the potential to cause harm to consumers. This section touches on only a few select issues with respect to privacy and data protection that are most relevant to financial consumer protection.
15. See, for example: (a) Universal Declaration of Human Rights, Article 12 (United Nations, 1948), (b) European Convention for the Protection of Human Rights and Fundamental Freedoms, Article 8 (European Court of Human Rights, 1950), available at http://www.coe.fr/eng/legaltxt/5e.htm, (c) Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data, ETS No. 108 (Council of Europe, 1981), available at http://www.coe.fr/eng/legaltxt/108e.htm, and (d) International Covenant on Civil and Political Rights (United Nations, 1966), available at http://www.hrweb.org/legal/cpr.html.
16. Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, section 7 (OECD, 2013).
17. APEC Privacy Framework, Principle 18 (Asia-Pacific Economic Cooperation, 2005).
18. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Council of Europe, 1981).
19. See, for example, Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, Principle 10; United Nations Guidelines, Article 3; APEC Privacy Framework, Principle III, “Collection Limitation”; and COE Convention.
20. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Council of Europe, 1981).
21. The document can be downloaded from the Federal Trade Commission’s website, http://www.ftc.gov/os/2002/05/67fr36585.pdf.
22. For more information see, http://www.networkfso.org/Links.html.
23. See generally, http://www.fos.org.au/centric/home_page.jsp.

3 PRIVATE PENSIONS

Pension savings by their nature are complex, difficult products for most consumers, both in the accumulation and the pay-out phase. Several decisions must be made that would require some understanding of finance and investments. It is not a one-off purchase, but a series of choices, such as joining a plan, picking contribution levels, selecting investment portfolios, switching among pension funds if necessary, and finally selecting a type of annuity or other type of retirement product (such as programmed withdrawal) and a provider. Pensions are purchased rarely, and individuals are typically locked in for a long time. The implications of decisions often become clear only after a significant time-lag. Due to the nature of long-term savings, a small difference in charge levels may have a significant impact on the final outcome.

Consumer protection principles require that information is provided in a way that helps consumers without particular financial knowledge understand key conditions and parameters and follow the development of their individual pension outlook. This is a hard task, and behavioral economics may help design the best methods. A special aspect of this is the consideration of default solutions to overcome difficult situations when undereducated consumers would be expected to make well-founded active choices, which is not a realistic expectation. Indeed, international evidence suggests that competition within pension markets does not work as in other financial sectors, due to the disengaged nature of most fund members. More controlled competition has therefore been introduced in many countries, particularly in those with mandatory systems, where the fund members may be particularly vulnerable.1

This chapter contains principles mainly regarding privately managed, defined contribution (DC) funded pensions and does not cover state pensions. Though duty is due to members of public sector and publicly managed pension schemes, they are not consumers in the literal sense and therefore are not directly addressed in the Good Practices.2 This chapter deals with several approaches for funding pensions and tackles special issues but does not discuss prudential and solvency issues relating to defined benefit (DB) schemes.3 Countries tend to have different regulatory frameworks (for instance, contractual or trustee-based systems, individual or occupational products, DB and DC schemes, and other frameworks). One important aspect is whether the pension savings system is mandatory or voluntary. In many countries, pension plans are mandatory or quasi-mandatory or a condition of employment and, at least implicitly, have a government stamp of approval, via tax breaks or other incentives. Extra attention to consumer protection is needed in such cases, over and above the short-run voluntary purchase of financial products that is the case in other financial sectors. Consumer protection authorities may need to accommodate the special demands of protection for these mandatory products with a long time horizon. Importantly, not only the accumulation but also the decumulation or benefit phase should utilize good practices with respect to consumer protection.

Some of the practices described herein are more emerging and aspirational than others and may not be applicable in all countries, and compliance with all aspects by all jurisdictions is not expected immediately. New practices, often based on behavioral economics, tend to take place in more developed markets. Given the fact that many countries are still in the early phases of establishing a well-functioning, privately managed, funded pension system, such initiatives may contribute to the latecomers’ advantage, though reform efforts can be strategically phased.

Examples in this chapter are drawn from a range of different countries and regions, covering both developed and emerging economies, in order to provide practical lessons and approaches that can be utilized across countries in different stages of development.4 For systems where pensions are sold in a retail market to individuals, consumer protection issues will be similar to those in other financial sectors, and many of the same general principles discussed throughout the Good Practices will apply. For other systems, such as occupational pension systems where provision is by a sponsoring employer and where members do not exercise any individual choice, pension-specific issues such as the role of trustees will be of greater importance.

The findings and recommendations herein are in line with, and rely on, the G20 High-Level Principles on Financial Consumer Protection (G20 FCP Principles) of the Organisation for Economic Co-operation and Development (OECD).5 Several country examples throughout the chapter use findings on effective approaches to support the implementation of the G20 FCP Principles.6 The harmonized use of the Good Practices and the G20 FCP Principles will hopefully lead to improvements in consumer protection related to pension products and services around the world.

A: LEGAL AND SUPERVISORY FRAMEWORK

A1: CONSUMER PROTECTION LEGAL FRAMEWORK

a. There should be a clear legal framework that establishes an effective regime for the protection of consumers who deal directly with pension management companies.
b.
The pension law should explicitly provide for the protection of members/affiliates of occupational and personal plans, including that these plans should be run in their interests.
c. There should be an authority (or authorities) responsible for the implementation, oversight, and enforcement of pension consumer protection, as well as data collection and analysis (including inquiries, complaints, and disputes). If a more developed retail pensions market exists, a specialist authority dealing with financial sector and/or specific pension issues may be more appropriate.
d. All legal entities that provide pension-related financial services to consumers should be required to be licensed (or registered) and supervised with regard to their market conduct (that is, their business practices in relation to retail customers) by the appropriate financial supervisory authority.
e. The licensing process should, at a minimum, require that
   i. The applicant’s beneficial owners, board members, senior management, and people in control functions demonstrate integrity and competence;
   ii. There are appropriate governance and internal control systems in place, including specific controls to mitigate conduct of business risk; and
   iii. The applicant has sound business and financial plans.
f. The law should provide, or at least not prohibit, a role for the private sector, including voluntary consumer organizations and self-regulatory organizations, with respect to consumer protection regarding private pensions.

Explanatory Notes

Pensions, along with other financial products, should be explicitly covered by the general consumer protection laws of a country, or by consumer protection laws specific to the financial sector. In addition, the pension law should specifically recognize the protection of members of occupational and personal pension plans. At a minimum, the law should explicitly recognize that pension funds should be managed exclusively in their interests. Reference to trust law or fiduciary duties can be made in jurisdictions where relevant. The requirement of appropriate governance and internal control systems in the licensing process of pension service providers is essential to ensure that their market conduct is in line with consumer protection principles.7

A2: INSTITUTIONAL ARRANGEMENTS AND MANDATES

a. National laws should assign clear and explicit objectives to pension regulatory authorities in relation to the protection of members of pension funds.
b. Pension regulatory authorities require adequate financial, human, and other resources to allow them to effectively implement market conduct oversight and consumer protection, as well as prudential regulations.
c. Appropriate legal protection should be established to protect the authority and supervisory staff from personal litigation in the good-faith exercise of their supervisory duties.
d. Pension regulatory authorities and competition authorities should consult with one another.
e. Pension regulatory authorities should work with the media, industry, and consumer associations to involve them in active promotion of financial consumer protection.
f. Pension regulatory authorities should involve industry associations to play a role in analyzing complaints statistics and proposing measures to avoid recurrence of systemic consumer complaints.
g. Government and state agencies should consult consumers of pension products, industry associations, and financial institutions providing pension-related services to develop proposals that meet consumers’ needs and expectations.

Explanatory Notes

Whether within a “twin peaks” structure (with separate prudential and consumer protection authorities) or handled by either an integrated financial sector regulator or a stand-alone pension regulatory authority, consumer protection issues relating to pension fund members need to be considered as well as prudential oversight of the financial condition of their schemes. Whatever the regulatory structure, mechanisms for coordination between different financial sector authorities need to be in place to make sure that pension regulatory authorities are aware of issues arising in another area that could affect pension fund members. Regulators should also partner with other groups—media, consumer, and industry associations—to ensure that consumers of pension products and members of pension schemes are treated well—that is, not provided with misleading information, and no mis-selling takes place. Though competition within the pension sector frequently does not operate in the same way as in other financial sectors, competition authorities could also periodically support the pension regulatory authority by examining how well the pension market is functioning.

A3: REGULATORY FRAMEWORK

a. Regulatory requirements can be established in laws, regulations, or in a rule-making authority, but must be legally enforceable.
b. Regulatory requirements should be tailored to the nature, scale, and complexity of the pension industry.
c. A principles-based or rules-based approach (or a hybrid approach) can be used.
d. As well as regulatory guidance, regulatory tools can include codes of conduct and product reviews.
e. The pension regulatory framework relating to consumer protection should focus on reporting and disclosure, sales practices, and dispute mechanisms.
f. Additional regulatory tools, such as fee caps and/or techniques utilizing behavioral economics, may also be used.
g. Regulatory authorities of pension products and services should consult with the industry when drafting the regulatory framework.
h.
Regulatory authorities of pension products and services should undertake consumer testing to ensure that proposed regulatory initiatives are likely to have their intended outcomes.

Explanatory Notes

Consumer protection regulations can be enshrined in laws or in separate regulation and guidance developed by the regulatory authority. Most jurisdictions use a combination of rules-based and principles-based approaches—balancing predictability and flexibility—depending on the jurisdiction’s legal system (for example, civil code or common law), cultural factors, and history. Regulatory guidelines are the most common regulatory tool used in the pension sector. Codes of conduct are less common than in other financial sectors. Likewise, product reviews by the regulatory authority tend to be on an individual investment basis rather than regarding the issuance of pension products themselves (countries with an active retail market in personal pension products being the exception).

As with other financial sectors, consumer protection around pensions will focus on reporting and disclosure, sales practices and dispute mechanisms. These main areas are covered in detail in the following sections. The nature of the pension system will determine which areas are of greatest importance and may therefore require greater regulatory intervention. For example, for DC pension systems with competing private providers, regulatory controls on sales and marketing practices will be particularly important. Given that competition has not been found to work well in pension systems (due to a lack of knowledge and engagement with pensions on the part of consumers), the regulatory authority may need to use additional tools, such as capping fees and using behavioral economics tools (such as specifying default providers and/or funds) to protect consumers and ensure the best outcomes for them. Consulting with stakeholders is always good practice when drafting regulations, to ensure support for the regulatory framework and aid compliance. Public consultations may also be useful tools, as they help raise consumer awareness and gather more opinions.

Whether a rules-based or principles-based approach is adopted by the regulatory authority will depend on the nature of the pension system and its operating environment—for example, how well developed the pension system is, if there are experienced pension fund managers and service providers, the nature of the legal system, the level of expertise of the regulator, and so forth. Mandatory systems generally have a tighter regulatory framework, as a higher level of consumer protection is required due to the compulsion involved.

A4: SUPERVISORY ACTIVITIES

a. Pension supervisory authorities should adopt a risk-based approach, focusing on the consumer protection issues that pose the greatest threat to pension fund members.
b. Pension supervisory authorities should use their standard supervisory tools to oversee consumer protection issues—for example, requesting information, on- and off-site investigations, complaints monitoring, and so forth.
c. Pension supervisory authorities should collect data on consumer and pension fund member complaints and use these in their risk-based supervision assessments and in their industry surveys.
d. Pension supervisory authorities should consult with the bodies they are overseeing on consumer protection issues and cooperate with other supervisory authorities domestically and internationally.
e. Pension supervisory authorities should treat confidential information of pension fund members appropriately.
f. Pension supervisory authorities should conduct their operations in a transparent manner.
g.
Pension supervisory authorities should adhere to their own good governance practices—including governance codes, internal risk-management systems, and performance measurement—and authorities should be accountable.

Explanatory Notes
The recommendations regarding supervisory activities and enforcement are based on the International Organisation of Pension Supervisors’ (IOPS) Principles of Private Pension Supervision. These apply to general oversight of pension funds, which also includes good practice regarding the oversight of consumer protection issues in the pension field.8 The IOPS stresses that pension supervision should be risk-based, focusing scarce supervisory resources on the most important risks. In systems where pensions are sold as retail products, greater focus on consumer protection issues will be required than in occupational systems or those where pension fund members have little or no individual choice. In such cases, prudential supervision and regulatory protection are also required. Pension supervisory authorities themselves need to operate on good transparency and governance standards in order to have a sufficient standing to apply consumer and other protection measures to the entities they oversee. Being a member of a regional or international supervisory organization also helps national supervisory authorities share best practices.

The tools used by pension supervisory authorities to oversee consumer protection issues are the same as for their overall supervisory task: requesting information, on- and off-site investigations, complaints monitoring, and so forth. The nature of the pension system and the approach of the supervisory authority will determine how the tools are used.9 For example, supervisors overseeing many pension funds will rely more on reporting and screenings, while those overseeing a limited number of pension providers may undertake more intensive investigations.

A5: ENFORCEMENT
a.
Pension supervisory authorities should be endowed with the necessary investigatory and enforcement powers to fulfill their functions and achieve their consumer protection objectives.
b. Pension supervisory authorities should ensure that investigatory and enforcement requirements are proportional to the risks being mitigated and that their actions are consistent.
c. Pension supervisory authorities should have an adequate range of intervention and enforcement protective and punitive tools to address contravention, including but not limited to the following:
i. The power to issue formal orders with respect to the pension funds, the members of the managing boards, and other managers, requiring them to take particular actions or to desist from taking particular actions
ii. The power to replace members of the managing board and other managers of pension funds and to disqualify them from acting in responsible capacity in the future, either temporarily or permanently
iii. The power to restrict business activities
iv. The power to impose conditions/restrictions on, or to revoke the operating license of, the pension fund and/or its managing company
v. The power to put the assets of a pension fund in a trust or to restrict the disposal of those assets (that is, to freeze them)
vi. The power to impose administrative sanctions, including fines, against the pension fund managing body or individuals
vii. The power to apply to a court for orders requiring a pension fund to undertake or refrain from undertaking certain actions
viii. The power to accept a court-enforceable undertaking from a pension fund or other relevant person or body

Explanatory Notes
Pension supervisory authorities need sufficient powers to implement consumer protection for members of pension funds. Such powers will include the ability to direct pension fund managers and to take cases to court, if necessary. Enforcement pyramids can be used to help supervisory authorities intervene on a proportional basis with consistency across supervised entities and to communicate their approach and what is expected of supervised entities.10

The IOPS Guidelines for Supervisory Intervention, Enforcement and Sanctions11 provide guidance on the most common tools to be used by pension supervisory authorities. In fact, despite the heterogeneity of pension fund systems in the world today, certain common approaches to pension supervision have been identified and compiled in these guidelines. The IOPS guidelines provide not only a detailed list of the powers for supervisory intervention, enforcement, and sanction, but also guidance on the scope and process of these interventions. For example, the goals of the intervention need to be well-defined, the procedures need to be clear with a well-defined decision-making process, enforcement decisions and actions need to be consistent and proportional, and if a pensions market is supervised by more than one authority, these actions need to be coordinated.

A6: DISSEMINATION OF INFORMATION BY AUTHORITIES
a. Authorities should make readily available to the general public, at no cost, minimum relevant information on the private pension sector and about their own role and how they perform their duties to help achieve their statutory goals and increase transparency. This information should generally include
i. At a minimum, annual reports with summary statistics on an aggregated basis for the pension industry as a whole; and
ii. In markets with standardized products, information such as comparative cost data and investment performance, as well as interactive decision-making tools, presented in a standardized and easily comprehensible way (typically on a website).
b.
Reporting of costs should be standardized (including up-front costs and management fees, as well as embedded costs, such as mutual fund fees in the pension fund portfolio), in order to facilitate comparison, preferably including synthetic cost indicators.
c. If investment performance indicators are shown, comparison should focus on longer-term performance.
d. If comparative investment returns are provided, warnings about the use of past performance should be added.
e. Performance measures should be updated regularly but not too frequently, as too much short-term volatility could be misleading.
f. Only such meaningful risk measures should be included that emphasize the risk of not achieving desired pension levels, and the significance of the life-cycle approach should be demonstrated.
g. Pension supervisory authorities should publish data on enforcement actions where this is felt useful as a deterrent mechanism.

Explanatory Notes
Pension authorities play an essential role in providing easily available, centralized, comparable, and objective information about the whole market and individual service providers. The information is equally useful for prospective clients who are selecting a pension product and for those who want to compare services provided to them with other products. Because in new, young markets, clients typically have very limited knowledge, it is a priority to establish and operate central online platforms as soon as possible. In mature markets with a large number of occupational funds, where complete data collection and provision are not typical, comparability would still be an objective, but developing a comprehensive database may take longer and receive lower priority, taking into account capacity constraints of the authorities as well. However, lacking comprehensive information may still be problematic for policy makers and savers in such markets, and surveys can substitute for such centralized data provision to only a limited extent.

Many authorities12 provide comparative tables on their websites, primarily to compare costs. In some countries, such as Ireland and the United Kingdom, the need to compare occupational funds is not a priority, as most employees are linked to one specific plan. A detailed breakdown of pension funds’ trading costs is useful but easier to compile and comprehend in smaller markets (for example, Macedonia), and it can be demonstrated that transparent cost comparisons can push down costs significantly in the whole market (as in Mexico).13 The benefits for customers in mass markets suggest that authorities in even more countries should aspire to develop such tools, and regulatory capacity constraints should normally not pose obstacles to this.

Cost comparison may be difficult, as different types of fees may arise (for instance, load fees and asset-based fees) and the treatment of hidden charges (such as trading fees or those of mutual funds in the portfolios) may be complicated.14 Synthetic total cost indicators (TCIs) demonstrate all charges—or the average annual investment returns needed just to cover all expenses—for an average customer with standardized parameters (such as age, size of contributions, and other variables).15 Such a tool is used in a number of countries, including Hungary, Italy, and Turkey, but some regulators (for example, Mexico) have been hesitant, considering it potentially misleading, since individuals’ parameters will differ from the standardized ones.16 It may also be useful to allow only one type of fee element (based on contributions or assets only, such as in Chile and Mexico), but the transition to such a model from a multi-fee system may create difficulties in standardized net-of-fee performance measurement (for example, Peru).17

Tables provided by the authorities that also compare investment performance and past returns are less common than for costs, but still relatively frequent. Countries like Ireland and the United Kingdom do not provide such comparisons. Australia, which until recently did not have such comparisons, either, introduced the requirement that pension funds (MySuper) should display comparisons of costs and performance on their website product dashboards.18 This is partly due to the large number of pension funds and the predominantly occupational nature of the market, but also to the fear that providing comparative information only on costs would draw attention to short-term results only. Some countries, such as Brazil, therefore provide market averages and trends without data at the individual pension fund level. Pension fund members of the Mandatory Provident Fund Scheme Authority in Hong Kong can now check annualized 5- and 10-year returns on a centralized cost-and-fees-comparison website.19

While performance comparisons sometimes include 5- and 10-year average returns, short-term annual (or biannual) figures are also typical (though they are rarely the only period compared).20 Additionally, many comparisons include short-term volatility indicators, such as standard deviation. Compiled market data based on such short-term figures may lead consumers to unfounded and inappropriate decisions. It is more helpful if information provided by the authorities focuses on longer-term developments, and especially on pension projections. (See B5[c].)

Providing free, objective information (guidance) from government sources about pension products in the payout phase is recommended, especially for low-income savers who cannot afford personal advice. It does not rule out a significant role in the provision of advice by intermediaries, as even those customers who can afford these services typically have a low level of knowledge and confidence in them.

Centralized annuity quotation systems run by authorities have operated for a while in some countries, such as Chile and the United Kingdom. Experience clearly supports these systems, since consumers receive better offers from providers. Setting up such systems is not too complicated, so constraints on authorities and providers should be possible to overcome.21 Selecting among types of products and providers is complex, and participants will need assistance. Because they should be able to identify the right type of pension product first, and then compare quotes from competing providers, a two-tier system that offers general information and quotations is useful. In Peru, for instance, individual decisions are facilitated by the regulatory authority and the pension fund but are still challenging for consumers.22 Additionally, in countries where the state guarantees payouts in case of the bankruptcy of the insurance company, as in Chile, this information is an important element of disclosure before purchasing an annuity.23

Regulatory or, more generally, government authorities may also facilitate the distribution of combined information about pension income sources from public and private pillars. It is useful if the individual can see all pension income sources on one statement, though this is very aspirational in most cases. The Netherlands provides an example of a central website that offers an overview of both public and private pensions.24 (See B5[c].)

B: DISCLOSURE AND TRANSPARENCY

B1: FORMAT AND MANNER OF DISCLOSURE
a. All information provided to customers should be easy to read and understand.
b. Information should be available to consumers via numerous channels, such as in branches, pension fund offices, and online (particularly pension calculators).
c. Information to be provided on paper (versus online), and the possibility of opting out of paper-based communication, should be carefully considered. Regardless of the means by which information is provided, key information should be provided in a durable medium.
d. In all communications, adequate fonts and layout and, where appropriate, graphs should be used. Practical communication with examples should be emphasized, taking into account that participants have differing levels of knowledge and information.
e. All communications should be based on a clear vocabulary of expressions to be used or to be avoided, and unusual words and jargon either should not be presented or, at a minimum, should be explained.
f. Research is recommended on member attitudes and responses to statement content and design, and terms should be simplified through consumer testing, especially with the needs of vulnerable consumer groups in mind.

Explanatory Notes
Regulations traditionally require the provision of much detailed information—including prior to purchasing a pension product, at the time of purchasing, and once a member of a pension fund. Prospective and existing consumers must be aware of product characteristics and about what’s going on in the institution managing their savings.25 However, more information is not necessarily better. People don’t like reading long statements, and a one-page summary is more likely to reach its audience than a long document with more data. For the same reason, shorter, focused communication prompts action more easily. Australia, Ireland, Italy, Mexico, Spain, the United Kingdom, and other countries require the provision of simple and understandable information, emphasize simple language, and recommend the use of graphs.26

In the United Kingdom, the National Employment Savings Trust (NEST), an important provider for auto-enrollment, has a key role in communicating with people for whom the idea of saving for pensions may be completely new. (See B3[b] and endnote 53.) NEST uses a carefully designed and tested vocabulary to communicate with its consumers. (Box 2 provides an overview of NEST’s use of language.)27

Mexico’s experience in presentation techniques reveals an interesting and important aspect of behavioral economics. Presenting fees in pesos instead of percentage rates helped financially illiterate participants select funds with lower fees. Such a small change in approach, which makes fees transparent and easier to understand, is a very useful and efficient tool for policy makers to consider.28

Paper-based communication, though still the most prevalent channel,29 is not the only format. A multi-layer approach may be a good way to address different consumer preferences and needs.30 Automatic or on-demand information provision, as well as paper-based or online distribution methods, may be utilized, which differ according to their depth of information. An information set that is relevant for all members—such as annual accounts, investment policy, scheme rules and governance, and regulatory authority—may have to be provided automatically. General information on the running of the scheme may partly be sent out and also made fully available online. Individual information, including projections, may be updated and sent annually and also made fully available online. Other information—for instance, combined pension projections with all types of pensions—may be provided only online. For example, modular approaches are used in Australia: simple introductory materials are available on webpages, with links to more detailed documents for interested members.31

More and more people, and especially younger people, tend to prefer online and other electronic forms of communication. Meaningful disclosure has to find its channels in this new reality, and careful regulation must define what’s absolutely necessary to be available on paper.32 At the same time, considering the overall goal of including low-income, vulnerable groups that may lack access to the Internet, traditional communication channels—that is, paper-based distribution, facilitated at branches of financial institutions—remain relevant.33

Most jurisdictions still do not regulate which statements must be paper-based or may be electronic. For instance, in Latvia there are no provisions requiring that consumers must opt out of receiving paper-based statements to receive information electronically. The practice of sending annual statements to consumers has been changed to issuing statements on demand and having them available on the Internet.34 In Tanzania, many members have online access to their account, may receive text information about their account on mobile phones, or may go to a fund office for a detailed statement.35 In Armenia, pension fund members can monitor their last activities and account balance online at account operators (banks and postal offices) and via automated teller machines (ATMs). While local context will influence which methods are the most appropriate, some regulation in this regard is essential to protect customers’ interests. Complementary regulatory requirements should also be considered regarding recordkeeping for digital transactions, to ensure that records are available for supervisors and can also be provided upon request to customers and used to support disputes.

Many countries require annual disclosure of investment returns. In certain cases, as in Chile, Hong Kong, Ireland, Israel, Italy, Mexico, and Peru, the period is shorter. Sometimes, the publication of net asset values is even mandated on a daily basis, as in Bulgaria, Poland, Slovakia, and Turkey.36 Such requirements seem to contradict the long-term nature of pension savings and the objective of not prompting consumers to make unfounded decisions by emphasizing short-term volatility.

BOX 2
NEST’s Use of Language in the United Kingdom
Between 2012 and 2018, the United Kingdom has been in the process of auto-enrolling 10 million new savers—predominantly workers who have never been covered by occupational pensions before—into a funded pension system. Participation is voluntary for the individual—the employer is obliged to provide a solution for voluntary pickup—but the default for employees is membership, and they may opt out. For a large number of employees, this will be the first time they start saving for their pensions with the involvement and assistance of their employers. The National Employment Savings Trust (NEST), a new institution, has been set up to serve as the default provider for all employers who are unable or unwilling to choose an alternative scheme. NEST may not discriminate and must take on everyone who wants to join.

NEST’s objective is to make people save and stay in the system after auto-enrollment. Effective and comprehensible communication with consumers is essential. It’s also worth mentioning that the name NEST itself—with its suggestions of safety, warmth, and the future—was selected after thorough research. Packaging pension issues that often seem complex and frightening in a friendly and positive way is an important part of achieving policy objectives.

NEST is very cautious when choosing words in communications. In NEST’s Golden Rules of Communication and The NEST Phrasebook,37 its principles are made clear. A full vocabulary is provided, describing what sort of expressions are to be used or to be avoided, and how to explain words that may be obvious for pension industry professionals but incomprehensible jargon for the average participant. Replacement words or phrases are shown in some cases. Words and phrases that NEST does use are also listed, as are terms that need to be defined the first time they’re used. The method is based on several rounds of research and surveys.

NEST emphasizes communicating with practical examples, rather than theoretical concepts. Focusing communications on rights (entitlements), rather than responsibilities, also helps. Showing participants that they are not alone but part of a large group of members to whom a similar thing (saving) is happening increases their comfort. NEST presents plain facts as they are, without overexplaining them, and it is aware that participants want to know that they have control and may have choices, even if most participants would opt not to make them. Finally, different participants may have differing levels of knowledge and information, so NEST communications take this into account as well.

B2: ADVERTISING AND SALES MATERIALS
a. All marketing and sales materials of pension management companies should be easily readable and understandable by the average person, in line with B1.
b. Pension management companies should ensure that their advertising and sales materials and procedures do not mislead consumers.
This principle applies particularly to comparisons with peers, investment performance, and risks and guarantees.
c. The pension management company should be legally responsible for all statements made in marketing and sales materials related to its products, and for all statements made by any person acting as an agent for the company.

Explanatory Notes
Disclosure principles and practices should cover all three stages of a consumer’s relationship with a pension provider or occupational plan: presale, point-of-sale, and post-sale, or pre/post joining the plan.

In the early stages of shopping for a pension product, fair advertising is a key element of responsible disclosure. It should not be misleading, and it should not prompt consumers to make selections that might turn out to be harmful for them.38 Pension providers are legally responsible for everything they say in advertising and everything that is communicated during the sales process, including by contractual agents. It is useful if regulations explicitly include standardized disclosure obligations for sales materials (such as past performance not indicating future returns). Industry codes of conduct may also be useful tools for regulating advertising standards, and regulatory authorities may explicitly request pension administrators to come up with such codes (for example, Mexico).39 Some countries, such as Belgium, Mexico, Nigeria, Pakistan, and Serbia, require pre-approval of advertising materials by the regulatory authority.40 Other countries require the filing of materials, which can then be used unless the regulator objects within a pre-defined time period.

B3: DISCLOSURE OF TERMS AND CONDITIONS
a. General considerations
i. Consumers should be clearly informed about the range of pension products and their key terms and conditions—including, among others, investment strategy and options, risk and benefits, fees (including fees paid indirectly), any restrictions on transfer, the procedure and fee for closing the account, anticipated contribution and/or benefit accrual rates, and vesting schedules. The full risk related to the pension product should be disclosed and all necessary warnings emphasized.
ii. Costs should be disclosed even where non-competing occupational pension plans play a central role (since it supports governance and efficiency by putting pressure on trustees).
iii. Consumers should be informed upfront of their options if they decide to change employer or retire, and they should be provided information about the rules of portability of vested benefit accruals, especially if the transfer of assets may lead to a loss of benefits or rights.
iv. Consumers should be informed upfront regarding the time, manner, and process of disputing information in statements.
v. Whenever any explicit guarantee covers a pension product, details of the nature and amount of the guarantee, as well as the details of the guarantor, should be provided upfront, and the real costs of the guarantee should be shown. Additionally, if members have a right to opt out of certain guarantees, this possibility with all consequences (risks versus costs) should also be made clear.
vi. Clear information should be provided to fund members regarding possible underfunding in a DB context and their options in such a case.
vii. In solutions with automatic features and default options, participants should be clearly notified that they have control and may have a choice.

Explanatory Notes
Prospective pension fund clients are expected to select a provider and a product based on publicly available information. While default options may facilitate this process, and in other instances, individual selection is not even an option—such as in mandatory systems, when new entrants into the labor force are automatically allocated to the pension fund of the cheapest provider, or when employers pay to one selected occupational scheme—transparency of terms and conditions is always essential. Disclosure provides information to members about their rights and gives them the ability to compare the services they receive. Seemingly small differences in fees and conditions may lead to significant differences in final pensions. Therefore, this impact should also be made clear.41

However, more information is not necessarily better. Supervisory constraints and compliance costs on behalf of providers make it equally important to require only information that is really useful and does not lead to information overload, as too much information reduces the likelihood that the message will reach the audience and prompt action if necessary.42

In markets with standardized products and free choice (for example, Bulgaria, Chile, Mexico, and others), the requirement for standardized information is emphasized more.43 For example, information requirements for mandatory pension funds in Chile are more stringent than for other savings products. Even in markets where different types of pension products compete, such as in Australia or Jamaica, such comparison is necessary. In some countries, hidden costs (such as those of mutual funds in the pension fund portfolio) have to be disclosed, or management fee duplications are explicitly prohibited (for example, Italy). A synthetic TCI that takes into account all direct and indirect fees borne by a representative individual, according to standardized parameters, is also recommended. (See A6.)

In occupational pension markets with limited free choice, such standardization is usually less of a priority. However, even in such markets (for example, the United Kingdom), regulators consider cost transparency to be essential, as this puts pressure on trustees who may require better conditions from service providers.44

The European Insurance and Occupational Pensions Authority’s (EIOPA) survey of costs and charges of Institutions for Occupational Retirement Provision (IORPs)45 demonstrates that disclosure regimes of EU member states vary significantly. The most common forms of disclosure are pre-enrollment contract/enrollment information and member benefit statements.

EIOPA’s Good Practices on Individual Transfers of Occupational Pension Rights46 discusses the special need of information provision for transferring members (see also C3), when members should be informed about all relevant aspects of the transfer, preferably without having to inquire, and be provided with access to an online tool.

B3. DISCLOSURE OF TERMS AND CONDITIONS (continued)
b. Investment choice
i. Clear information should be provided upfront about the method, costs, and any other consequences of selecting and changing investment portfolios.
ii. Investment options for selecting funds or sub-portfolios should be clearly explained to fund members, supported by guidance on the choice and illustrated by easy-to-understand risk-return and benchmark profiles.
iii. In systems with default options, the exact meaning of the elements of the default should be clearly shown to prospective and existing members.
iv. The consequences of staying in default versus opting out should be unambiguously demonstrated to members, by means of a clear explanation of the default investment option and other options, with differences emphasized.
v. It should be made clear to members that they have the right to opt out of the default portfolio.

Explanatory Notes
Clients have the right to choose among investment options in the case of many pension saving products. They may have the right to select mutual funds (or sometimes even individual securities) into their portfolios, or they may select a portfolio type with a pre-defined risk profile. It is difficult for the majority of clients to choose from such options. While giving a choice is useful, most pension fund members may not want to take advantage of it, and even for more educated members, providing too many choices may be counterproductive.

International experience confirms that in countries that offer a wide range of investment choices, such as Australia and Sweden, active selection is very low, below 10 percent of participants,47 while in Latin American and Central and Eastern European markets with very limited choice, active selection is more prevalent—although a higher level of sales activities may also be a part of the explanation. Experience from the United States, where a greater number of choices more often leads to staying with the default option, is in line with this finding. The experience in Europe is discussed in EIOPA’s report about investment options for occupational DC scheme members.48

Therefore, the provision of well-designed default options is beneficial even in systems with individual choice. State-of-the-art systems utilize the life-cycle concept as a default solution. Whereas younger members undertake more short-term investment volatility in order to increase the likelihood of achieving higher long-term returns and higher pensions, risk tolerance decreases among members closer to retirement, as they focus more on preserving accumulated wealth.49

As multiple investment options are used (or even mandated) in many countries, and default options are also frequent or required, proper design of the default investment option is essential, because it influences the final pension levels of most participants.50 A large percentage of fund members will stay in the default option, especially as it may be interpreted as endorsed by regulators. In most cases, the default is the life-cycle option, but in Estonia, Italy, Slovakia, and other cases, it is a low-risk, conservative portfolio with no equity investment (or a guaranteed-return portfolio), which by its nature is unlikely to lead to adequate returns and pension.51

Behavioral economics demonstrates that not only selecting a proper investment choice, but even starting to save is a decision that should be supported by a user-friendly and easy default solution.52 This is an essential aspect of a safe and well-functioning pension system that goes beyond the scope of consumer protection questions. Therefore, more details on recent auto-enrollment experiments in New Zealand, the United Kingdom, and the United States may be found in the endnotes.53

B3. DISCLOSURE OF TERMS AND CONDITIONS (continued)
c. Payout phase
i. Pension management companies/pension funds should be required to start providing information to, and communicating with, members about ways to draw pensions many years before retirement, not only immediately prior to it.
ii. Fund members’ attention should be drawn to the consequences of potentially locking in lower pension levels if they automatically accept products from their existing pension fund provider without collecting information about alternative products available on the market.
iii. In systems with voluntary annuity purchase, members should be informed about the consequences of longevity risk and the most optimal ways to purchase annuities.
iv. Pension regulatory authorities should consider providing or supporting comparative quotation systems to assist comparisons between different types of annuities and other payout options.

Explanatory Notes
NOTE: The payout phase is typically the least regulated aspect of pensions. Many emerging funded pension markets are just starting to reach the payout phase, and only

mation only shortly before retirement (two to six months prior), and only a few countries start providing information well in advance—for example, every five years after the age of 45 in Belgium.
The majority of member states a limited number of countries operate an efficient annuity do not have comparison tools or quotation systems for market. However, because this phase is the point where payout products, the exceptions being Denmark, Esto- savings are translated into pensions, listing good prac- nia, the Netherlands, Norway, Sweden, and the United tices for consumer protection was deemed useful, even Kingdom.62 Annuities are often among the products for jurisdictions where the application of these practices offered, but they are mandatory only in some of the may currently be aspirational. cases. Most member states do not have a default retire- ment option. Finally, in about half of the countries, retir- The payout phase is at least as critical for achieving ade- ees may shop around and choose their own pension quate pensions as the accumulation phase. A non-negligi- product and provider. ble portion of a lifetime’s savings may be sacrificed by one Mandatory annuitization was abolished in the United wrong decision during this phase—such as buying an Kingdom in March 2014, providing more freedom of inadequate and/or overpriced product or, where there is choice to fund members. Previously, the United King- flexibility allowed in the timing, purchasing the annuity at dom was one of the few places with strong requirements a poor time (that is, when interest rates are low). Without to buy an annuity and, in that way, minimize longevity specific disclosure rules about annuitization, opaque and risk. In a huge experiment, the United Kingdom is cur- wide-ranging practices may emerge with harmful conse- rently auto-enrolling into the system around 10 million quences for consumers.54 The information-provision sys- new savers who otherwise would not and did not save tem should be designed so that it helps most consumers for their pensions. (See B3[b] and endnote 55.) 
Letting understand the information provided about complex pen- the same individuals manage their longevity risk freely is sion products. Although customers typically start thinking an interesting policy development from a behavioral about how to use their savings only very close to retire- standpoint.63 ment, providing information should not be left to such a A second-best alternative to mandatory life annuitiza- late date and should start many years before.55, 56 tion for managing longevity risk may be the use of pro- Most people underestimate longevity risk57—that is, grammed withdrawals, a compromise for situations in the probability that in retirement they will live longer than which proper annuities are not available or not preferred expected and their accumulated savings will run out fast. by regulators and/or the public. This pays pensions over Life annuities, in which this risk is completely borne by the the expected life span. Therefore, individuals may run out insurance company instead of the individual, are often not of funds if they live longer than expected, but a part of popular for this reason. Consumers worry more often accumulated wealth may also be inherited if individuals about dying too early and wasting their savings, instead of die with a remaining account balance. The calculation of their savings being inherited by the next generation— the drawdown, as linked to life expectancy, should be although annuity products providing for such circum- monitored closely by the regulatory authority. There may stances can be made available. also be different taxation consequences of a life annuity Hardly any jurisdiction requires mandatory life annu- versus programmed withdrawal, which will need to be ities,58, 59 and most allow for alternative options, such as made clear to the consumer. lump sums or programmed withdrawals. 
While a certain Mandatory annuitization may also be relaxed to a cer- degree of flexibility may be necessary (for example, tain extent by introducing a floor (for very small accumu- requiring a minimum amount of annuitization, which bal- lations, when purchasing an annuity is not sensible) and ances necessary protection with the desire for liquidity),60 a cap (which provides a sufficient level of safe life-long insurance against longevity risk is probably required in payout, above which the individual is free to take out a any case, as having savings run out too early is clearly lump sum or use the savings in any other way).64 This against the interest of the customer (and possibly of the structure was previously applied to the Chilean pension taxpayer as well). system. It is useful if the calculation of such cap levels EIOPA’s survey of decumulation-phase practices within takes into consideration other sources of income, such as the European Union61 found that in most cases, IORP state pensions. members in advance of decumulation receive information In many countries, proper annuity markets have not that is similar or identical to what is provided in the accu- been developed. This is a significant risk, as many retirees mulation phase. Where there are differences, the expected do live for a long time, and without a good annuity prod- level of benefits and possible forms of retirement products uct, their old-age living standards may easily turn out to are also covered. Members typically start receiving infor- be meager. Lacking a well-functioning, transparent, and 112   Good Practices for Financial Consumer Protection competitive annuity market, funded systems can hardly Centralized quotation systems operated in some coun- provide adequate and secure pensions. Efforts to create tries can also facilitate the process of helping customers to such markets are important, and then explaining to con- the most adequate pension products. (See also A6.) 
Such sumers why a life annuity is a good choice—and perhaps comparative quotation systems are strongly recom- requiring it as the default solution with opt-out possibili- mended, since they tend to improve annuity parameters. ties—is the necessary next step for policy makers to If the involvement of all industry players may not be consider. While mandating the purchase of an annuity achieved otherwise, a compulsory provision of quotations helps handle longevity risk, in cases where only a single for a central system may be considered, but it depends on private provider operates in the market, regulators must local context. The involvement of regulatory authorities is be prepared to manage monopoly issues as well.65 In less likely to add credibility to such a system. developed annuity markets, a central (perhaps even In addition to deciding whether to annuitize, there may state-affiliated) provider may be considered. be choice over the level of annuitization, above a mini- mum level. In such cases, advice would also be needed. B4: KEY FACTS STATEMENTS a. A key facts statement (KFS), disclosing the key characteristics, terms, and conditions of the pension product in plain language and preferably no more than two pages long, should be presented to the consumer before signing the contract/joining the plan. b. Before signing the contract, the consumer should sign and deliver to the provider a statement about having received, read, and understood the KFS. c. The KFS should be provided in a standardized format that makes it easy for consumers to compare products offered by different pension providers. d. The industry should be consulted and KFSs pre-tested with consumers in order to find the most suitable standard format for such statements. e. Required standardized formats should be published on the website of the regulatory authority (and preferably also on the website of the pension industry association). 
Explanatory Notes

NOTE: Traditionally a more common practice for deposit and credit products and services, KFSs have been increasingly required by pension-related regulations in recent years.66 This section summarizes emerging practice and recommendations. KFSs may be referred to by other terms, including key information documents (KIDs), in European legislation.

A KFS provides consumers, in a legible way,67 with a simple and standardized summary of key contractual information and leads to better understanding of the product or service. A long information prospectus, often required by law, does not substitute for such easy-to-read documents. Where standardized, KFSs make it easier for consumers to compare offers by different providers before purchase. Such statements also provide a useful summary for later reference during the life of the product or service, and they even play a role in complaint handling. These uses make KFSs of special importance in countries with new, inexperienced financial consumers.68

EIOPA deals extensively with risks related to DC pension plans and with information provision.69 A statement by the EIOPA Occupational Pensions Stakeholder Group70 includes a recommendation for a basic information document (BID), and EIOPA’s survey on costs and charges also emphasizes the importance of such documents.71 Such documents should include the following:

• Name of the pension scheme
• Nature and main features of the pension scheme
• Whether loss of capital is possible
• Consequences of an early exit
• Risk and reward profile of the pension scheme
• Contributions to be paid by the member and all costs and charges
• Past performance of the pension scheme
• Not legally binding projections of possible retirement benefits

Such a BID could then form the first layer in a multi-layered disclosure approach. (See also B1.)

This has a parallel in the requirement for a summary plan description for employer-sponsored plans in the United States. The actual plan document is too difficult for most workers to read and understand. The summary plan description presents the plan’s features in an easier-to-read format.

B5: STATEMENTS AND ONGOING POST-SALE COMMUNICATIONS

a. General considerations

i. Pension plan members and consumers should receive a streamlined statement (typically on an annual basis) about their account providing the details of account activity, including investment performance on a standardized basis.

ii. Information included in annual statements should enable the plan member to identify current benefit accruals or account balances and the extent to which the accruals or account balances are vested (if applicable).

iii. There should be a simple summary of the most essential information and data on the first page of the statement.

iv. Statements should not be sent more frequently than annually, including particularly the reporting and comparison of investment performances.

v. Pension companies should disclose information regarding their financial position.

vi. In the case of DB funds, actuarial reports on funding levels (supported by regulatory guidelines) should be prepared annually, and members should be informed about the condition of the plan in a concise report.

vii. The pension plan’s general description delivered to the consumer upon joining should be made available on request on an ongoing basis, and changes in key characteristics should be automatically and immediately communicated.

viii. Plan documents, accounts, and reports in general should either be disclosed automatically or made readily available to members/beneficiaries for copying for a reasonable charge.

Explanatory Notes

Pension fund members need to be able to follow developments in their accounts.72 They can monitor whether contributions have been properly transferred and check current balances, including investment returns. In line with general principles of providing information, the most important data have to be presented clearly on the front page. Long-term pension products generally do not justify releasing statements more frequently than annually.

Whenever possible, a combined statement that demonstrates the individual’s main pension sources, including state (public) pensions, is useful. Including all private plans is also helpful, since this can draw attention to forgotten accounts (from previous jobs) and prompt consolidation of plans, where appropriate.

Participants should also have an easy way to check on the general developments and financial health of their pension fund.

B5: STATEMENTS AND ONGOING POST-SALE COMMUNICATIONS (continued)

b. Investment performance publication

i. For past return figures published, the measurement period should be long, preferably 5–10 years, but at the very least 24- to 36-month averages.

ii. Notice should always be given that past returns are no indicators for future performance.

iii. Pension funds should be required to use standardized valuation and investment reporting criteria, to allow for comparison.

iv. Pension funds should be required to communicate to members that the real risk of pension investments is not short-term volatility, but rather not reaching adequate (targeted) final pensions. Disclosure of standard deviation, Sharpe ratios, or value-at-risk (VAR) indicators should be avoided.

Explanatory Notes

Investment performance is a key part of statements. Members have to know the investment results of their contributions and savings and see how their future pension benefits develop. However, an annual return figure is not sufficient and may in fact be misleading. One year is not an adequate measurement period for pension savings, so besides reporting about the last financial year, describing the performance of a longer period is necessary. Showing return figures without giving some adequate information about the risks undertaken to achieve those returns is also meaningless. At the same time, statements should make it clear that the relevant risk is not short-term volatility but final underperformance of targeted pension levels. Easily comprehensible charts may help this communication. At the same time, short-term risk (volatility) indicators,73 which are meaningless in the long run, difficult to understand, and potentially even frightening, should not be disclosed.

Many countries emphasize the need to show results obtained over a reasonably long time horizon and typically require providers to disclose returns for periods of at least five years. At the same time, disclosure of volatility indicators is required in many countries.74 This is not necessarily helpful in adequately explaining real pension risk to consumers.

Nineteen countries, approximately half of the countries that responded to the IOPS (2016) survey, mandate providers to disclose performance in a standardized way.

B5: STATEMENTS AND ONGOING POST-SALE COMMUNICATIONS (continued)

c. Pension projections

i. Personal statements should focus more on outcome (final pensions) than on simple return figures and past performance. The statement should include a well-developed, simple-to-understand projection of future pension income, and should demonstrate the potential impact of increased (and continuous) contributions and the postponement of retirement.

ii. Projected monthly income, which is the most important figure for the consumer, should be highlighted, whereas projected fund values at retirement are secondary (but also to be included).

iii. The regulatory authority should consider providing assumptions for the projections and supplying the range in which the estimates may vary.
Explanatory Notes

NOTE: The following recommendations include evolving good practice in countries where pension projections already play an important role. For many countries where projections are not required yet, the objective should be to facilitate the development of future standards. This section therefore includes fewer good practices but longer explanations to help this process.

The most important piece of information, even more essential than investment performance, is an estimate of future pensions. A pension projection translates investment performance data into meaningful and comprehensible numbers for the average fund member. This can prompt such action as increasing contributions, reconsidering whether one has the proper long-term investment profile, and adjusting targeted retirement age. While such projections are used in only a limited number of jurisdictions presently, a user-friendly online application that allows a member to estimate the effect of several options may be the most important ingredient of statements with strong implications for old-age living standards. In a number of countries,75 an interactive pension calculator helps members to personalize projections.76

The Chilean pensions regulatory authority,77 in collaboration with the OECD, has developed a web-based simulator using stochastic modeling. (See Box 3.) Probability density functions are used to estimate pension risk,78 taking into consideration contributions (their level and how continuously they arrive), investments, career wage curves, and other inputs. The simulator provides useful information not only on expected pension levels but also on pension risk, which is the danger of not reaching desired pension levels (target replacement rates).

Contribution density (continuity), the importance of which is easily forgotten in simpler models, is emphasized in Mexico, too. Sweden uses stochastic modeling in online applications. (Such tools would be difficult to use and inefficient in a paper-based mode.) Uncertainty of projections is communicated by only a simple caveat in most countries. In Austria, Turkey, and the United Kingdom, uncertainty is illustrated by different rates of returns.

In communications about projected pensions, it is important to demonstrate the effect of starting to save earlier. The illustration of the impact of any employer or state match on final pensions is also useful, because it may prompt the individual to contribute and thus use the match. A traffic-light system may be useful as it can be easier for users to understand, in which green means that no action is required and red indicates a risk of not attaining desired pension levels and the need to take action (such as making higher or more regular contributions).

Who sets assumptions for projections—for instance, expected rates of return or future inflation rates—is a key question. If done by regulatory authorities (or regulation), “competition in optimism” by providers may be eliminated. On the other hand, a setup in which providers set assumptions may lead to more flexibility when market conditions change rapidly. In most of those cases where projections exist, the regulatory or supervisory authority sets the assumption (or range of assumptions). Projections are not permitted in some countries (for example, Romania), as decision makers worry that members may misunderstand them and that inaccurate projections may hinder consumer confidence in the system. In general, projections ought to use cautious investment and inflation assumptions and actual plan charges, as doing this may address some concerns about the uncertainty associated with deterministic projections.79 Assumptions should be net of fees and inflation.

While it is useful for the individual to receive projections that combine several sources of pensions, including both public and private, not many countries do this.80 It may be difficult to coordinate among more bodies (pension pillars). Sweden’s “orange” envelope, which is sent out annually, contains projections from the public first pillar and the funded second pillar (both mandatory). In the Netherlands, standardized data by pension providers (including the important assumption that current savings are maintained until retirement) allow the accumulation of estimated future pension incomes from different schemes.81

BOX 3 Pension Projection and Pension Risk Modeling in Chile

In Chile, pension fund members have received personalized information about pension projections in their annual pension statements since 2005, forecasting expected pension levels depending on current contribution levels and regularity and retirement age. For fund members with 10 years or more before retirement, personalized pension projections show the expected pension levels if regular contributions are maintained. For members who have less than 10 years to the legal retirement age, the projections show the pension to be expected if retirement is postponed. The information has prompted action and led to increases in voluntary contributions.

The Chilean Pension Supervisor (Superintendencia de Pensiones) has been modeling pension risk for a number of years, analyzing the probability density function of replacement rates. Pension risk is the probability of final underperformance (lower-than-expected benefits). Since 2012, the supervisory webpage has provided help to fund members via a pension simulator model.82 Users input their age, gender, retirement age, investment strategy, and contribution level and density. The simulator then uses probability densities to produce outputs that illustrate in an easily comprehensible way the likelihood of reaching proper pension levels (the target replacement rate). Instead of formulas for risk that the average user may find difficult to comprehend, charts show possible outcomes and actions to take (such as making regular contributions, increasing contribution rates, or working longer) in order to decrease the chances of not achieving desired pension levels.

The Chilean multifund system includes five subfunds with risk profiles ranging from A (mostly equity) to E (almost exclusively fixed income), where the default life-cycle de-risking path for an individual moving from young age to retirement is B-C-D, but other options may also be selected, with some restrictions (such as limiting volatility prior to retirement). In addition to inputs such as contributions, career income profiles, human capital risk and annuitization risk, stochastic modeling of the probability density function of replacement rates also requires investment-return estimates. Long-term average return and volatility forecasts are prepared for all subfunds, and then scenario analysis is undertaken for different life-cycle investment strategies—for instance, staying in the default path; using the balanced C fund for the whole career; or using a C-D-E path, rather than the default B-C-D, which results in somewhat less volatility. Thousands of runs are tested and then aggregated during the stochastic modeling. This leads to an output of probability density functions, based on the combination of the individual’s characteristics and the selected investment profiles.

Such an exercise may be recommended to regulatory authorities in other countries. Developing such a tool is not likely to overwhelm regulatory capacities, especially given that the above-described blueprint already exists. All such experiments, however, call for caution and conservative estimates. With fixed contribution rates (typical in mandatory systems), if the risk of not reaching the target pension levels remains too high, then assuming higher returns is not the reliable and prudent answer. Instead, working longer (or, if affordable, saving more on a voluntary basis) is the variable to be adjusted.

B6: NOTIFICATION OF CHANGES IN RATES, TERMS, AND CONDITIONS

a. Customers should be notified a reasonable period in advance of any planned change in fees or any other change that significantly affects members’ rights and benefits.

b. Future benefit accruals should not be reduced without appropriate advance notice to employees.

c. An exception to the generally recommended annual frequency of statements should be alerts, such as those that draw attention to a new pension reform or reassure members in a financial crisis.

d. Members and beneficiaries should be notified in timely fashion if required employer and member contributions have not been made to the pension plan.

Explanatory Notes

A general feature of pension products is that it is unnecessary to check on them too frequently. Short-term noise may lead to rash and unfounded steps. However, when important changes occur or when external factors justify it, extraordinary communications may be called for.83 Similarly, a notification about missing contributions is important, because the easiest way to end up with low pensions is by not making contributions.

A more precise specification of what is “reasonable”, “appropriate” or “timely” may depend on the individual context and usual notification periods in the given jurisdiction. In general, advance notification about changes in conditions should leave time for customers to act, and alerts ought to go out as soon as possible.84

C: FAIR TREATMENT AND BUSINESS CONDUCT

C1: UNFAIR TERMS AND CONDITIONS

a. The purchase of pension products should not be restricted by, and rights or benefits arising from a pension product should not be linked to, a compulsory purchase of other products.

b. Once members send notification indicating their wish to switch investment options, they should not be locked into the earlier option for more than a short period (for example, one week), with particular concern to investments into the stock of the employer.

c. Employees should not be discriminated against, and should not receive unequal treatment regarding disclosure, portability and other rights, based on age, gender, marital status, or nationality. In mandatory systems, exclusions based on salary, periods of service, and terms of employment should also be avoided.

d. Employees should not be retaliated against by employers or pension plan representatives as regards pension benefits and the exercising of rights.

e. Accrued benefits of employees should be protected in a way that, with limited exceptions (see explanatory notes), there should be no possibility for retroactive reduction.

f. Employees’ benefits should be vested quickly by employers (between immediately and five years), to prevent employers from unfairly terminating employment just before contributions would start vesting.

Explanatory Notes

Existing and prospective pension fund clients must be free to choose among providers, products, and options, without having to undertake commitments not linked to the given selection. Investment choice also should be free (within the framework provided by the pension fund), and implementation should be quick.

Participants and especially employees have the right to be free from unfair, unequal treatment that is discriminatory or even retaliatory. The rights apply in the direction of the pension fund and the administration company as well as the employer.85

Vesting should be immediate or occur in a reasonable time given the length of employment, and members’ own contributions should always be vested immediately. (See also C3.) In a collective bargaining process, the rate of vesting of member contributions may exceptionally be subject to bargaining, and members may also give their free consent to a retroactive reduction in accrued benefit.

Certain types of pension plans (such as risk-sharing, defined-ambition, or target benefit plans) allow for the reduction of accrued (not-yet-paid) benefits in some circumstances. Members should be informed in a clear manner that accrued benefits can be reduced, and they must receive adequate pre-notification when such reductions happen.

C2: SALES PRACTICES AND CONFLICTS OF INTEREST

a. General considerations

i. Regulations should ensure that high-pressure sales tactics or misrepresentations during the sales process are not used.

ii. To recommend adequate pension products, sales officers should be required to examine important characteristics of any potential customer, such as age, employment prospects, and financial position, and to be aware of the customer’s risk appetite and long-term retirement objectives. Those selling pension products should be required to apply caveat venditor, instead of caveat emptor, rules—that is, “seller beware,” rather than the more traditional “buyer beware.”

iii. Consumers should be made aware of the importance of sharing relevant, accurate, and available information with pension providers.

iv. The consumer’s circumstances and the advice given should be put in writing and retained.

v. At the sales stage, potential conflicts of interests may arise from the way internal staff and agents are remunerated. All such conflicts, and the way they are managed, should be clearly disclosed.

Explanatory Notes

Providers should be responsible for designing products and systems with behavioral realities in mind. Providers need to ensure that the products are appropriate and adequately suited to consumers’ needs and circumstances, and that they are delivered in a responsible fashion. Aggressive or misleading sales practices contradict the basic requirement of acting in the best interests of consumers.86 For vulnerable consumer groups, providers should assume an even greater level of responsibility.

It is essential that those who influence decisions in this process—a salesperson or even the employer’s representative, in case of occupational schemes—exercise due care. They should not be allowed to take advantage of any informational asymmetry.87 “Seller beware” principles88 should drive providers’ behavior, and suitability requirements apply in most IOPS member countries. (Suitability is less of an issue in mandatory pension systems.) As a minimum, age is a standard suitability requirement—in some cases, such as in Nigeria and Mexico, it is the only one—but risk appetite, income, family situation, tax position, and net worth are also frequently taken into consideration.89 Treating customers fairly (TCF) principles may facilitate the principles of responsible finance in pensions as well.90 Bans on high-pressure selling can include a general prohibition on cold-calling or a requirement that only pension providers from a pre-approved list are allowed to contact the consumer.91

It is equally important that consumers always provide exact and up-to-date information to service providers and agents, so that products can be accurately recommended on this basis, and that providers seek all relevant information from consumers.92 Consumers in many countries (such as Australia, Colombia, Costa Rica, Israel, Mexico, and Thailand) are warned if providers lack sufficient information, and/or the sales may not go ahead in such instances (for example, in Hong Kong, India, and Pakistan). Australia, Hong Kong, and many other jurisdictions require that the consumer’s circumstances and the advice given be put in writing and retained. Based on complaints and compliance testing, these suitability checks may be supervised, as in Colombia, Israel, and Slovakia.

The principles apply even more when dealing with vulnerable consumers with low incomes, low levels of financial capability, and limited access to or experience with formal financial services. Such consumer groups characterize particularly, but not exclusively, emerging/developing economies. It must be acknowledged, however, that especially in these economies, it may be demanding to supervise providers’ implementation of these financial consumer protection rules effectively. Therefore, the objectives of financial inclusion may have to be balanced with capacity constraints of providers and supervisors. Even in developing economies, though, supervisory authorities may assist service providers with annual regulatory seminars in which responsibilities to clients are emphasized (South Africa).93

The licensing of agents is further discussed in C5, “Agents and Intermediaries.”

C2: SALES PRACTICES AND CONFLICTS OF INTEREST (continued)

b. Employer responsibilities

i. Employers should be responsible for ensuring that new plan members are made fully aware of their rights and obligations under occupational pension arrangements, including rights to mobility.

ii. Employers should properly collect and transfer contributions. Supervisory and regulatory authorities should be able to go after, and initiate prosecution, against the employers in this respect.

Explanatory Notes

Employers play a key role in pensions.
They often influ- essential that pension administrators send a timely warn- ence (or even make) the employee’s decision about which ing to the employee (and preferably also to the authori- scheme to contribute to. Employers also collect and trans- ties) if contributions do not arrive properly.95 fer contributions in most cases. It is useful, therefore, to Personnel departments have an important role in pro- monitor the interaction between the human resources viding information about possibilities related to pension departments and sales agents as much as possible, to accumulation. They should also be prepared to become minimize the danger that decisions serve the interest of the first point of contact for dispute resolution. Supervi- the employer (or, in extreme cases, even individual staff sory authorities should support personnel departments in members) more than the fund participant.94 It is also their role to help employees. C3: CUSTOMER MOBILITY AND COOLING-OFF PERIODS a. Pension providers should be required to establish clear and transparent rules and procedures for switching pension funds and providers, including the right to switch in a swift manner. (For example, assets should not be withheld for an unreasonably long time after the initiation of a transfer.) b. Employees who change jobs should have the right to transfer their vested account balance, valued in a fair and reasonable way, with a reasonably short time of execution. c. Portability rights should not be inhibited by unreasonable fees, and members (and beneficiaries) should be informed of any such charges in any case. Private Pensions   119 d. Individuals should not be required to exercise their portability rights and should be allowed to leave vested benefits in the plan of their former employer. Such vested benefits should be protected. e. A reasonable cooling-off period should be associated with any individual pension product. 

Explanatory Notes

In general, consumers should enjoy a great degree of mobility among pension funds.96 Because the standards of service they receive during the accumulation period have a large impact on old-age well-being, it must be possible to switch if performance is poor. This principle has to be balanced with the cost of too-frequent changes, and also with the fact that the long-term nature of pension investments means that decisions based on short-term “noise” may not always be well founded. Switching fees may be applied to cover transfer costs, but unreasonable charges should not complicate mobility. However, the structure of fees may be a tool in minimizing exaggerated switching. (For instance, charges may be punitive within a short period after the previous switch.)

A special case is the occupational plan with employer contributions. Employers have a large role in assisting employees to adequate pensions by running occupational schemes to which they contribute. This is also a tool of retention in many cases, and that is why employers do not prefer to support employees who leave after a short period. Vesting rules97 serve this purpose. Therefore, a reasonable period may be acceptable, but this cannot be exaggerated, since that would harm the individual’s pension rights and adequacy and would hinder job mobility. Such constraints need to be minimized, but unreasonable costs to employers should not be imposed either. Periods for vesting are typically between immediate and five years.98 Entitlements derived from member contributions to the pension plan should be vested immediately.99

The implementation of transfers requires that they are settled in a reasonably short time (such as 14 days or less), and that the valuation of the vested account balance happens according to proper actuarial methods. There should be supervisory tools developed and used to monitor whether the interests of members who change pension plans are protected in these regards.

Obstacles in portability rights may decrease mobility. Additionally, retirement savings may often be managed more efficiently if portability rights enable consolidation as the employee moves to the next job. For instance, certain DB plans in the United Kingdom convert savings into a lump sum when the employee leaves, making it possible to transfer them into the scheme of the new employer, which is probably a DC pension fund.100 On the other hand, inflation indexation of vested benefits is stopped for early leavers in some cases, which does not help protect the value of benefits. “Pot follows member” rules have also been considered in the United Kingdom.101

Pension products are complex, long-term products. This justifies a reasonable cooling-off period after purchase, during which consumers may change their minds in a no-pressure environment.102 A general approach to cooling-off periods for similar products (such as life insurance) suggests that this may be between 14 and 30 days. In systems with mandatory participation, this rule does not apply.

EIOPA’s Good Practices on Individual Transfers of Occupational Pension Rights103 includes, among other things, that any reason why transfers might be suspended should be clearly formulated in advance; a sufficiently long period should be allowed for out-transfers and in-transfers at any time during the membership in the new scheme; if the member is charged for the transfer, charges should reflect the actual work; and transfers should be processed and executed within a reasonable timeframe. The Good Practices also suggests that members should be informed about all aspects of the transfer—for example, value, options, timeframe, reductions and costs, possible impact on benefits, risk coverage, and taxes—preferably automatically upon termination of employment, and along with access to an online tool. (See also B3[a].)

C4: PROFESSIONAL COMPETENCE

a.
The assets of pension fund members should be invested by professionally qualified staff, equally in the case of internal and external asset management.
b. Trustees of occupational schemes should be required to have minimum qualifications and to qualify for fit-and-proper requirements.
c. Trustees should be required to have the necessary skills collectively to fulfill their functions.
d. Standardized trustee training should be required on an ongoing basis.

Explanatory Notes

Future living standards of fund members depend on how professionally and responsibly their pension savings are looked after. All parties involved in the process, including trustees, directors, and asset managers, must possess the necessary competence and qualification. For pension fund managers and other service providers, their professional competence should be checked as part of the licensing process by the supervisory authority. It is also an important recommendation of the OECD that “the governing body should collectively have the necessary skills and knowledge to oversee all the functions performed by a pension fund, and to monitor those delegates and advisors to whom such functions have been delegated” (emphasis added).104 Additionally, outsourcing should not eliminate fiduciary responsibilities. Those entities that outsource must monitor the performance of the person or organization to which they have outsourced.

Suitability requirements of trustees and senior management have recently been tightened in a number of countries, such as Australia, Mauritius, the Netherlands, Portugal, and others.105 Local context and legal requirements influence what counts for minimum or professional qualifications, or fit-and-proper requirements. For example, Chile has established requirements that providers be tested about their knowledge in securities brokerage.106 Israel similarly has legislation about the competence of advisors and portfolio managers.107 In South Africa, staff employed by pension administrators must be trained and then supervised in this respect.108

The IORP II Directive’s definition for “fit” is that qualifications, knowledge, and experience must be adequate for managing the IORP or fulfilling key functions, while persons must be of good repute and integrity to be considered “proper.” Those running the IORP must collectively be able to deliver sound and prudent management. Persons who carry out actuarial or internal audit key functions must have sufficient professional qualifications, knowledge, and experience, while other key function holders must also be fit to carry out their job.

The pension regulator in the United Kingdom runs an online trustee toolkit for new trustees to complete.109 This could be studied by countries that operate trustee-governed private pension systems but lack adequate training and licensing approaches, as such a toolkit may be useful in general.

C5: AGENTS AND INTERMEDIARIES

a. Regulation should be clear about who is authorized to market and sell pension products, and it should define the exact role of agents, brokers, and advisors.
b. If agents, brokers, or advisors play a role in the private pensions market, regulation should clearly specify their licensing requirements.
c. Licensing regimes should include requirements for suitability, competency, and professional conduct, and for the discipline of agents, brokers, and advisors.
d. As part of their licensing requirements, agents, brokers, and advisors should be required to hold professional errors-and-omissions insurance relating to the conduct of their business.
e. Licensing requirements should not relieve pension fund managers from responsibility for appropriate oversight and control of their in-house sales staff and their distribution channels.
f.
The agency relationship should be governed by an agency agreement between the agent, broker, or advisor and the pension fund manager that should not exclude the pension fund manager from liability for misconduct by the agent, broker, or advisor.

Explanatory Notes

Sales intermediaries are the principal interface between the client and the service provider. Unless it is clearly defined who may sell pension products and what qualifications and licensing are required to do that, the danger of mis-selling remains high. In fact, licensing of agents, brokers, and advisors helps ensure that interactions with consumers are conducted in a professional manner. The licensing function should extend beyond simple registration and include clear requirements for suitability, competency, professional conduct, and discipline. Professional indemnity insurance should also be required for errors and omissions by intermediaries in the conduct of business.

Pension intermediaries are controlled in a number of countries.110 Standard fit-and-proper criteria apply to pension intermediaries in most IOPS member jurisdictions. In some countries, such as Colombia, Lithuania, and Mexico, given the lack of legal regulations, pension fund managers should impose requirements on the sales agents. Qualifications required may be an appropriate academic degree111 and/or credentials issued by the industry.112 Many jurisdictions maintain ongoing training requirements.113 In Pakistan, Spain, and Turkey, as well as in many Latin American countries, such as Brazil, Chile, Costa Rica, and Peru, pension fund providers themselves sell the product—and in such cases, requirements apply to internal staff. At the other extreme, in countries such as Korea, Jamaica, and Romania, only agents are involved; pension providers do not handle distribution directly. Most countries allow sales by both internal staff and agents.114

In special cases, the role of sales agents may be minimized. In mandatory individual account systems, where young people entering the labor force must join the system, a costly marketing war among pension funds is not beneficial for the public good. Instead, automatic allocation of new members (in a lottery system) or a bidding process with the lowest charges may be more useful. In Mexico, for instance, net returns of the providers indicate who will receive new members by default, whereas in Chile or Peru, new entrants must join the pension fund with the lowest fee (by a bidding process) and stay there for a minimum of two years. In other countries, including Bulgaria, Macedonia, Poland, and others, new members are allocated according to a formula.115

Intermediaries in such cases may not necessarily be required at all and have been removed in some cases. In Romania, intermediaries may not advise on switching, and in Poland, pension funds and managing companies may not practice active sales. In Sweden and Latvia, there is a central administrative interface, and fund providers (asset managers) may not contact consumers directly, since they receive bulk orders from the interface, which collects the savers’ individual investment decisions.116 By unbundling administration and asset management, competition takes place only where it may add real value.

C6: COMPENSATION OF STAFF, AGENTS, AND INTERMEDIARIES

a. Internal staff and agents should be remunerated in a way that helps avoid conflicts of interest and leads to fair treatment and responsible business conduct.
b. Commissions paid to sales agents purely on the basis of the volume of pension products sold should be banned.
c. Conflicts of interest between the pension fund and its service providers should be minimized as much as possible.
All such conflicts, and the way they are managed, should be clearly disclosed, including the structure in which staff and agents are remunerated.
d. Fees to asset managers based on short-term performance measurement should be avoided.

Explanatory Notes

A basic principle of consumer protection is that incentives of service providers and sales personnel should be in line with the interests of the client. No one should ever receive compensation for actions that harm consumers. Conflicts of interest should be avoided or, if impossible to avoid, managed, and appropriate disclosure is expected in such situations.117 Advisers or sales staff might fail to recommend the most appropriate product for several reasons. Short-term profit pressure on them may not be in line with the long-term financial interests of the consumer, or commission structures may incentivize sales staff to push a particular product. Staff remuneration should therefore include many other factors besides sales performance.118, 119

For their advice, intermediaries may be paid a flat fee by individuals,120 receive commission from the pension company whose product they sell, or a combination of the two. In this latter case, which applies to about half of IOPS member countries, the distinction is not always transparent to consumers.

In the interest of customer protection, Australia, the Netherlands, South Africa, and the United Kingdom have introduced legislation that bans (or strictly regulates and limits) commissions in the process of selling pension products. Fee caps may also be useful tools, and some countries have caps on the fees that intermediaries may charge.121 Fee caps and/or flat switching fees have also been introduced in the Czech Republic and Slovakia. In a number of countries, no regulations control fee setting.122 This may also be appropriate if supervisors have alternative tools to boost competition.

In mandatory systems, provider staff members frequently sell products and give advice, decreasing the scope for conflicts, as such stand-alone entities do not cross-sell other products, being allowed to deal only with pensions. In practice, however, pension providers often belong to a financial group, so conflicts of interest may not be ruled out completely.

For pension products that have long-term savings features, the proper long-term incentive of asset managers is also a key requirement. This element of the compensation structure does not apply to the sales process, but the implications are at least as important for the protection of consumer interests.123 The objective of asset managers should also be the optimization of members’ final pensions, which may be achieved by benchmark-driven solutions,124 where the performance of the investment manager is compared to that of a portfolio structured for long-term optimization and not to short-term indicators, such as an annual bank deposit rate or inflation.

C7: FRAUD AND MISUSE OF CUSTOMER ASSETS

a. Adequate custodian arrangements, including safekeeping, monitoring, settlement, and control functions, should be in place to ensure that assets are safeguarded.
b. Pension fund assets should be segregated from all other funds.
c. Vested benefits should be protected from creditors of the sponsor and service providers, and also when the sponsor or a service provider changes ownership.
d. Trustees/boards should be legally responsible for ensuring that the funds are only used for the benefit of the pension fund members.
e.
Investments in instruments issued by entities related to the pension fund should be prohibited or strictly limited.

Explanatory Notes

Segregation of pension assets is a key requirement to avoid fraud and misuse. Normally, a custodian, independent from the pension fund and the asset manager, fulfills safekeeping and monitoring functions, settles transactions, and checks investment limits (and, in most cases, also calculates net asset values).

When managing pension fund assets, insurance companies are required to ensure that those pension savings are fully separated from other assets or liabilities arising from different activities of the company.125 Because in the case of traditional insurance, client assets are on the books of the insurance company, this is an important aspect of segregation.

Investment regulations and approaches are also expected to minimize the chances of fraud and misuse of customer assets. Investing in instruments issued by entities related to the pension fund is generally prohibited or strictly limited.126 Transactions between different funds managed by the same pension fund administrator—which may make perfect business sense—are normally to be reported to the authorities. Investment in non-regulated assets may also lead to misappropriation (South Africa).127

Special care must also be taken when investing in bank deposits, as deposit insurance guarantees generally do not cover deposits of pension funds (which are deemed professional institutional investors). Strict diversification rules and a close monitoring of the financial situation of pre-approved banks must be applied. These principles are obvious when investing in stocks or bonds, but plain-vanilla bank deposits may sometimes seem more secure than in reality.

Corporate governance principles are also fundamental in preventing fraud. Since this is on the borderline of consumer protection, further references are listed in the endnotes.128

C8: BANKRUPTCY

a.
Regulations should ensure that customer assets are not affected by bankruptcy procedures of the plan sponsor or any service provider.

Explanatory Notes

In the case of bankruptcy, it is essential that client assets are segregated and fully protected from legal processes against any service provider. This is indeed the case in many jurisdictions.129 In some countries, such as Germany, the United Kingdom, and the United States, pension benefit guarantee schemes would protect some level of member benefits if a plan sponsor were to go bankrupt while a scheme is underfunded. The OECD recommends that these protection schemes be in place in the book reserve pension systems and has discussed the challenges that need to be addressed to ensure that they are well designed and sustainable.130

D: DATA PROTECTION AND PRIVACY131

D1: LAWFUL COLLECTION AND USAGE OF CUSTOMER DATA

a. Intermediaries, advisers, and pension schemes should be allowed to collect customer data within the limits established by law or regulation and, where applicable, with the customer’s consent.
b. The law or regulation should establish rules for the lawful collection and use of data by intermediaries, advisers, and pension schemes, including when consumer consent is required, and clearly establishing at a minimum
i. How data can be lawfully collected;
ii. How data can be lawfully retained;
iii. The purposes for which data can be collected; and
iv. The types of data that can be collected.
c. The law or regulation should provide the minimum period for retaining all customer records and, throughout this period, the customer should be provided ready access to such records for a reasonable cost or at no cost.
d.
For data collected and retained by intermediaries, advisers, and pension schemes, intermediaries, advisers, and pension schemes should be required to comply with data privacy and confidentiality requirements that limit the use of consumer data exclusively to the purposes specified at the time the data were collected or as permitted by law, or otherwise specifically agreed with the consumer.

Explanatory Notes

Consumers have a right to financial privacy and to be free from unwarranted intrusions into their privacy. Because of the requirement for intermediaries, advisers, and pension schemes to know their customers, pension sector professionals often have large sources of information regarding the financial situation of their customers, including personal information, contact details, consumer agreements, transaction logs, passwords, and so forth. Given the potential for abuse and misuse of such information, it is essential that this type of collection is regulated to avoid the risk of potential harm for consumers. For example, providers may otherwise collect sensitive data and use it for unfit purposes that may harm consumers. The various reasons for ensuring privacy and data protection include:
• The sensitivity of the personal information held and used in pension products
• The extensive information flows that take place, including between providers and intermediaries and between members of a corporate group that includes one or more financial service providers
• The ever-increasing likelihood of information being received and held electronically, with a corresponding increase in the risk of remote, unauthorized access
• The fact that privacy is a fundamental human right deserving of protection, as indicated in various international instruments to which many countries are signatories133

Pension sector professionals should be allowed to legally obtain, retain, and use consumers’ personal information after obtaining lawful and informed consent from the consumer or on some other legitimate basis, including when related to the provision of the specific pension product or service the consumer acquired. International guidance is clear in establishing that “the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.”134 While the policies and practices regarding what constitutes lawful collection of data differ both across jurisdictions and among international guidance and principles, lawful and informed consent represents an underlying and cross-cutting theme.

Further, following the approach of treating data privacy as a human right, Convention 108 of the Council of Europe (COE Convention) establishes that data shall undergo automatic processing only for a legitimate purpose, and that certain categories of sensitive data cannot be processed automatically, unless national legislation provides appropriate safeguards.135

The lawful collection of data with customer consent is strictly connected to the purpose for which it was collected, and pension sector professionals should be permitted to use the data only for these purposes. Data should be considered legally used only if it is processed for the purpose for which it was collected. If this issue is not regulated by law or regulation, there is a risk that pension sector professionals may collect information for certain purposes for which customers may be willing to give consent but then use that same information for other purposes that may be detrimental to customers’ interests and for which the customer otherwise may not have given consent. Pension sector professionals should also be prohibited from disclosing consumer information to third parties for unauthorized (that is, without the consumer’s prior consent) uses, such as for marketing purposes.

D2: CONFIDENTIALITY AND SECURITY OF CUSTOMER’S INFORMATION

a. Pension management companies should be required to have and implement policies and procedures that ensure the confidentiality, security, and integrity of all data stored in their databases that relate to customers’ personal information, accounts, and transactions.
b. In order to ensure confidentiality, when establishing policies and procedures, pension management companies should also establish different levels of permissible access to customers’ data for employees, depending on the role they play within the organization and the different needs they may have to access such data.
c. Confidential information of members of occupational pension plans should be protected along with their general employee, employment, compensation, and other records.
d. In order to maintain the security and integrity of customers’ data, pension management companies should also be required to have and implement policies and procedures to ensure security related to networks and databases.
e. Pension management companies should be held legally liable for misuse of consumer data.
f. Pension management companies should be held legally liable for any breaches in data security that result in loss or other harm to the customer and should put in place clear procedures to deal with security breaches, including mechanisms to reimburse or compensate consumers.

Explanatory Notes

The protection of pension fund members’ confidential information is of particular importance for systems where pension products are sold to individuals, as with other financial products. Given the nature of the industry, pension management companies may collect, store, and process significant amounts of financial and personal information. Safeguarding personal and financial data is one of the key responsibilities of the financial services industry. Security should be put in place to protect against unauthorized access to a consumer’s information.

A guiding principle in this area is that pension management companies should ensure that personal information in their custody or under their control is used only for the purpose for which that information was obtained or compiled, or for a use consistent with that purpose. Pension management companies have a clear responsibility to provide their customers with a level of comfort regarding information disclosure and the security of personal information. Information that a consumer expects to be confidential should be treated as such. Customers should be informed about which information might be disclosed and to whom.

D3: SHARING CUSTOMER’S INFORMATION

a. The law should state specific procedures and exceptions concerning the release of customers’ financial records to government authorities.
b. Whenever a pension management company is legally required to share a customer’s information with a governmental authority, the company should be required to inform the customer in writing (including in an electronic form) in a timely manner of
i. The governmental authority’s precise request;
ii. The specific information of the customer that has been or will be provided; and
iii. How and when that information has been or will be provided.
c.
Subject to the exception noted in clauses D3(a) and (b), without a consumer’s prior written consent as to the form and purpose for which their data will be shared, the law should prevent pension management companies from selling or sharing any of a consumer’s information with any third party, unless such third party is acting on behalf of the pension management company and the information is being used for a purpose that is consistent with the purpose for which that information was originally obtained.
d. Before any such sharing for the first time, pension management companies should be required to inform consumers in writing of his or her data privacy rights in this respect and how they intend to use and share customers’ personal information.
e. Pension management companies should be required to allow customers to stop or opt out of any sharing by the pension management company of information regarding the customer that they previously authorized (unless such sharing is mandated by law), and the pension management company should inform its customers of his or her opt-out right.
f. Third parties should be prohibited from disclosing the shared information regarding a consumer.

Explanatory Notes

Customers should be aware of how information can be shared with third parties, including within the various units or subsidiaries of a financial institution. The sharing of data is generally not allowed, but should be made very explicit when this is not the case. Generally, the sharing of customer data should be done only with the customer’s affirmative consent and only for those specific purposes to which the customer has provided consent.

Governmental regulatory authorities have the need to obtain customer information for regulatory and law enforcement purposes, such as to monitor suspicious transactions for anti–money laundering efforts and to combat the financing of terrorism (AML/CFT) purposes. The instances where this is permitted should be clearly stated in the law, which should also include procedures for notification or situations where notification is not required.

E: DISPUTE RESOLUTION MECHANISMS

E1: INTERNAL COMPLAINTS HANDLING

a. Pension management companies should be required to have an adequate structure in place as well as written policies regarding their complaints handling procedures and systems—that is, a complaints handling function or unit, with a designated member of senior management responsible for this area, to resolve complaints registered by consumers against the company effectively, promptly, and justly.
b. Pension management companies should be required to comply with minimum standards with respect to their complaints handling function and procedures. These include the following:
  i. Resolve a complaint within a maximum number of days, which should not be longer than the maximum period applicable to a third-party external dispute resolution mechanism. (See E2.)
  ii. Make available a range of channels—telephone, fax, email, web—for submitting consumer complaints appropriate to the type of consumers served and their physical location, including offering a toll-free telephone number to the extent possible, depending on the size and complexity of the financial service provider’s operations.
  iii. Widely publicize clear information on how a consumer may submit a complaint and the channels made available for that purpose, including on pension management companies’ websites, marketing and sales materials, KFSs, standard agreements, and locations where their products and services are sold.
(See B1, “Format and Manner of Disclosure.”)
  iv. Publicize and inform consumers throughout the complaints handling process, and particularly in the final response to the consumer, regarding the availability of any existing ADR schemes. (See E2.)
  v. Adequately train staff and agents who handle consumer complaints.
  vi. Keep the complaints handling function independent from business units such as marketing, sales, and product design, to ensure fair and unbiased handling of the complaints, to the extent possible, depending on the size and complexity of the pension management company.
  vii. Within a short period following the date the pension management company receives a complaint, acknowledge receipt of the complaint in a durable medium—that is, in writing or in another form or manner that the consumer can store—and inform the consumer about the maximum period within which the company will give a final response and by what means.
  viii. Within the maximum number of days, inform the consumer in a durable medium of the company’s decision with respect to the complaint and, where applicable, explain the terms of any settlement being offered to the consumer.
  ix. Keep written records of all complaints, while not requiring that the complaint itself be submitted in writing—that is, allow for oral submission.
c. Pension management companies should be required to maintain and make available to the supervisory authority up-to-date and detailed records of all individual complaints.
d. The pension management company’s complaints handling and database system should allow the company to report complaints statistics to the supervisory authority.
e. Pension management companies should be encouraged to use analysis of complaints information to continuously improve their policies, procedures, and products.
f.
For occupational pension systems, pension fund members should be informed of the right to contact the supervisory authority should any disputes with the sponsoring employer of their pension plan arise.

Explanatory Notes

Pension fund management companies normally have personnel or departments responsible for handling disputes with their clients. Frequently, this would be corporate clients, as the companies are dealing with corporate plan sponsors, but they may also have to deal with pension fund trustees. In a pure retail market, individuals should be made aware of where to lodge complaints, and standard good practices that apply across financial products should also be adopted. For occupational pension funds, human resources managers would normally deal with questions or problems, but individual members should be informed of how to contact the supervisory authority if disputes with their employer over their pension provision arise. This would include the important consumer protection issue of notifying the supervisory authority if employees’ pension contributions have been taken from their compensation package by their employer but not remitted to the pension fund. Pension management companies should be required to keep a log of complaints and regularly report complaints statistics to the regulator.

For further details, see the explanatory notes for E1 in chapter 1, “Deposit and Credit Products and Services.”

E2: OUT-OF-COURT FORMAL DISPUTE RESOLUTION MECHANISMS

a. If consumers are unsatisfied with the decision resulting from the internal complaints handling of their employer or a pension management company, they should have the right to appeal within a reasonable timeframe (for example, 90 to 180 days) to an out-of-court ADR mechanism that
  i. Has powers to issue decisions on each case that are binding on the employer or pension management
company (but not binding on the consumer);
  ii. Is independent of all parties and discharges its functions impartially;
  iii. Is staffed by professionals trained in the subject(s) they deal with;
  iv. Has an adequate oversight structure that ensures efficient operations;
  v. Is financed adequately and on a sustainable basis;
  vi. Is free of charge to the consumer; and
  vii. Is accessible to consumers.
b. The existence of the ADR mechanism, its contact details, and basic information relating to its procedures should be made known to consumers through a wide range of means, including when a complaint is finalized at the employer or pension management company level.
c. If the ADR mechanism has a member-based structure, all pension management companies should be required to be members.

Explanatory Notes

Having out-of-court dispute resolution mechanisms for consumers to seek redress when they are not satisfied with the result of internal complaints handling at the employer or pension management company is very important, particularly in the many countries where the justice system does not work properly for retail consumers—that is, it is too burdensome, expensive, unreliable, or not timely. ADR bodies should be in place and follow the minimum standards listed above. When establishing an ADR mechanism for resolving consumers’ disputes with financial institutions, policy makers should consider a range of possible models, and the law or regulation should set out clear minimum standards for ADR mechanisms, which should be monitored by a supervisory authority.

There could also be arbitration mechanisms in place as well which could be used by consumers. However, consumers should not be obliged to use such mechanisms and forgo their right to go to court. Ideally, the compulsory use of arbitration should be prohibited. For instance, the United States’ Consumer Financial Protection Bureau issued a comprehensive study in 2015 that found that arbitration clauses in consumer agreements limit consumer redress choices, as most consumers do not seek arbitration or courts but would be eligible to relief—for instance, through class-action settlements.136 The study also found that consumers did not realize that arbitration clauses limited their right to go to court.

For further details, see the explanatory notes for E2 in chapter 1, “Deposit and Credit Products and Services.”

NOTES

1. See “Managing and Supervising Risks in Defined Contribution Pension Systems,” Working Papers on Effective Pensions Supervision 12 (International Organisation of Pension Supervisors, October 2010).
2. The governance of public sector schemes has been covered in numerous publications by the World Bank and other organizations. For example, see Sudhir Rajkumar and Mark Dorfman, eds., Governance and Investment of Public Pension Assets: Practitioners’ Perspectives (Washington, DC: World Bank, 2011).
3. Members of occupational DB schemes are not consumers in the pure sense, as they are not voluntary purchasers of a product. Though the protection of members of these schemes is an important topic, it is largely covered by prudential issues, such as solvency rules and protection schemes in the case of plan sponsor bankruptcy. These issues are beyond the scope of the Good Practices, which focuses on market conduct issues.
4. The area of micropensions and how these should be supervised is a developing area and one not addressed directly in this chapter. As argued elsewhere in this chapter, an additional duty of care should be afforded to low-income, vulnerable consumers. Therefore, it is suggested that this topic deserves further investigation.
5. See G20 High-Level Principles on Financial Consumer Protection (OECD, October 2011).
6. See G20/OECD Task Force on Financial Consumer Protection, “Update Report on the Work to Support the Implementation of the G20 High-Level Principles on Financial Consumer Protection, Principles 4, 6 and 9” (OECD, September 2013) and “Effective Approaches to Support the Implementation of the Remaining G20 High-Level Principles on Financial Consumer Protection” (OECD, September 2014).
7. The December 2016 directive of the European Parliament and of the Council of the European Union on the activities and supervision of institutions for occupational retirement provision (IORP II Directive) dedicates a full chapter to discussing governance systems.
8. The IOPS diagnostic tool for undertaking a complete and comprehensive review of the IOPS Principles can be found at www.iopsweb.org.
9. See also “The Role of Supervision Related to Consumer Protection in Private Pension Systems,” Working Papers on Effective Pensions Supervision 27 (IOPS, 2016).
10. For further details, see http://www.iopsweb.org/toolkit/.
11. For further details, see http://www.iopsweb.org/principlesandguidelines/IOPS%20Guidelines%20for%20Supervisory%20Intervention%20Enforcement%20and%20Sanctions%20(final%20new%20coverpage).pdf.
12. Australia, Bulgaria, Chile, Israel, Jamaica, Mexico, and Turkey, among others. See Ambrogio I. Rinaldi and Elisabetta Giacomel, “Information to Members of DC Pension Plans: Conceptual Framework and International Trends,” Working Paper 5 (IOPS, September 2008) for several parts of this GP, as well as G20/OECD Task Force, “Update Report” (OECD, 2013), Annex, Principle 4, Item 23. “The Role of Supervision” also shows that 10 jurisdictions provide information on fees and charges through comparative online platforms on the websites of the pension supervisory authority, and others intend to follow suit.
13. For several parts of the section, see “Comparative Information Provided by Pension Supervisory Authorities,” Working Papers on Effective Pension Supervision 15 (IOPS, December 2011).
14. See also “Update of IOPS Work on Fees and Charges,” Working Papers on Effective Pensions Supervision 20 (IOPS, April 2014).
15. A well-defined and universally applied formula is necessary for the use of such indicators, which is not detailed in the Good Practices.
16. See Justine S. Hastings and Lydia Tejeda-Ashton, “Financial Literacy, Information, and Demand Elasticity: Survey and Experimental Evidence from Mexico,” National Bureau of Economic Research Working Paper 14538 (National Bureau of Economic Research, December 2008).
17. See Diagnostic Review of Consumer Protection and Financial Capability, Peru (World Bank, November 2013).
18. See “The Role of Supervision.”
19. http://cplatform.mpfa.org.hk/MPFA/english/index.jsp.
20. See, for instance, Diagnostic Review of Consumer Protection and Financial Literacy, Romania (World Bank, July 2009).
21. See Gonzalo Reyes and Fiona Stewart, “Transparency and Competition in the Choice of Pension Products: The Chilean and UK Experience,” Working Paper 7 (IOPS, May 2008).
22. See Diagnostic Review, Peru. The individual must select among four types that differ in guarantees, survivor benefits, and other criteria, and insurance companies receive the individual’s details and provide quotes on the adequate pension products available. The highest bid must be accepted by the affiliate, which must receive at least three bids, with one day to consider the options and one possibility for re-quotes. The pension fund must assist by providing information and explaining options but is prohibited from giving specific product recommendations. Making decisions on these bases is still difficult, especially given the lack of standardized information for comparing offers.
23. See G20/OECD Task Force, “Effective Approaches” (OECD, 2014), Annex, Principle 7, Items 347 and 534.
24. See G20/OECD Task Force, “Update Report” (OECD, 2013), Annex, Principle 4, Item 99.
25. The IORP II Directive requires that all information to prospective members, members, or beneficiaries must be written in a clear manner using comprehensible language and should avoid jargon and technical terms as much as possible. IORPs must also provide their annual accounts and reports and the statement of investment policy principles at the request of the member or beneficiary.
26. See Rinaldi and Giacomel and “The Role of Supervision.”
27. See National Employment Savings Trust (NEST), The NEST Phrasebook: Clear Communication about Pensions, Version 2.0 (NEST Corporation, 2014), available at http://www.nestpensions.org.uk/schemeweb/NestWeb/includes/public/docs/NEST-phrasebook,PDF.pdf, and NEST’s Golden Rules of Communications: Talking about Pensions with a New Generation of Savers (NEST Corporation, 2014), available at http://www.nestpensions.org.uk/schemeweb/NestWeb/includes/public/docs/golden-rules-of-communication,PDF.pdf.
28. See Hastings and Tejeda-Ashton.
29. The European Insurance and Occupational Pensions Authority’s (EIOPA) Good Practices on Communication Tools and Channels for Communicating to Occupational Scheme Members show that in EU member states, paper-based communication is the most commonly used channel, followed typically by e-mail, and then websites. This applies equally to communication to new members, regular communication to members and beneficiaries, and ad hoc communications. Examples of exceptions to the general trend include Denmark, where ad hoc information about changes directly affecting active members is communicated on a public website with an automated decision tool and in face-to-face meetings with an adviser, and Denmark and Croatia, where pre-retirement or at retirement information is communicated in the first instance via a website. Similar to the case in Malta, the Netherlands, and the United Kingdom, telephone calls are the second or third most frequent communication channel. See “Report on Good Practices on Communication Tools and Channels for Communicating to Occupational Scheme Members” (EIOPA, August 2016).
30. “Report on Good Practices” (EIOPA, 2016) lists among good practices if coherent communication strategies with communication tools and elements are implemented, and if a multi-channel strategy is used in communication to members. See also Occupational Pensions Stakeholder Group (OPSG), “OPSG Statement on Information for Members of Occupational Pension Plans” (EIOPA, March 2013).
31. See Rinaldi and Giacomel.
32. “Report on Good Practices” (EIOPA, 2016) also considers it a good practice if all communication with members can be stored in one online platform, and if the employer combines related human resource matters (such as information about benefits and entitlements) and pensions in one online platform.
33. See G20/OECD Task Force, “Update Report” (OECD, 2013), Principle 4, Item 13: “Information for consumers is displayed on the websites of financial services providers and is made available in branches, offices and other client or consumer areas. This is particularly important for lower income users of financial services or other more vulnerable consumers who may lack access to the internet. Regulators and supervisors provide guidance to financial services providers on disclosure requirements for product information, including when it is provided online or through electronic devices.”
34. See Diagnostic Review of Consumer Protection and Financial Capability, Latvia (World Bank, April 2010).
35. See Diagnostic Review of Consumer Protection and Financial Literacy, Tanzania (World Bank, November 2013).
36. See Rinaldi and Giacomel; G20/OECD Task Force, “Update Report” (OECD, 2013), Annex, Principle 4, Items 23 and 232; and Diagnostic Review, Peru.
37. Available at http://www.nestpensions.org.uk/schemeweb/NestWeb/includes/public/docs/golden-rules-of-communication,PDF.pdf and http://www.nestpensions.org.uk/schemeweb/NestWeb/includes/public/docs/NEST-phrasebook,PDF.pdf, respectively.
38. The IORP II Directive requires that the information must not be misleading, and consistency must be ensured in the vocabulary and content.
39. See G20/OECD Task Force, “Update Report” (OECD, 2013), Annex, Principle 4, Item 482.
40. See “The Role of Supervision.”
41. See, for instance, G20/OECD Task Force, “Update Report” (OECD, 2013), Annex, Principle 4, Item 127 for an example from the United Kingdom.
42. As stated in G20/OECD Task Force, “Update Report” (OECD, 2013), Principle 4, Item 19: “Before the imposition of a specific disclosure obligation, appropriate and effective consumer testing is carried out to gauge their benefits and avoid the risk of an overload of information.”
43. The IORP II Directive also provides detailed regulation about information provision. “The Role of Supervision” lists a number of jurisdictions, including Colombia, Lithuania, and Portugal, where pre-contractual information must be approved/monitored by the supervisory authority.
44. For details and examples for the whole GP, see Rinaldi and Giacomel.
45. See “EIOPA Report on Costs and Charges of IORPs” (EIOPA, January 2015).
46. See “Final Report on Good Practices on Individual Transfers of Occupational Pension Rights” (EIOPA, July 2015).
47. See Waldo Tapia and Juan Yermo, “Implications of Behavioural Economics for Mandatory Individual Account Pension Systems,” OECD Working Papers on Insurance and Private Pensions 11 (OECD, July 2007).
48. According to “Report on Investment Options for Occupational DC Scheme Members” (EIOPA, January 2015), both the availability of a default investment option and limiting the choice for investment options are among the main instruments to facilitate effective investment decision making. A majority of member states have occupational DC schemes in which members have no choice. Where member choice applies, it is mostly up to five investment options, and a default (passive choice) is often available. In most cases, the employer is involved in choosing the default strategy, which typically consists of life-cycling.
49. For more details, see, for instance, John Y. Campbell and Luis M. Viceira, Strategic Asset Allocation: Portfolio Choice for Long-Term Investors (Oxford: Oxford University Press, 2002); Fabio C. Bagliano, Carolina Fugazza, and Giovanna Nicodano, “Pension Funds, Life-Cycle Asset Allocation, and Performance Evaluation,” in Evaluating the Financial Performance of Pension Funds, eds. Richard Hinz, Heinz P. Rudolph, Pablo Antolín, and Juan Yermo (Washington, DC: World Bank, 2010); Gregorio Impavido, Esperanza Lasagabaster, and Manuel Garcia-Huitron, New Policies for Defined Contribution Pensions: Industrial Organization Models and Investment Products (Washington, DC: World Bank, 2010); Solange Berstein, Olga Fuentes, and Felix Villatoro, “Default Investment Strategies in a Defined Contribution Pension System: A Pension Risk Model Application for the Chilean Case,” Journal of Pension Economics and Finance 12, no. 4 (October 2013), 379–414; “EIOPA’s Fact Finding Report on Decumulation Phase Practices” (EIOPA, October 2014); and Fiona Stewart, “Proving Incentives for Long-Term Investment by Pension Funds: The Use of Outcome-Based Benchmarks,” Policy Research Working Paper 6885 (World Bank, May 2014).
50. The IOPS survey shows that 13 jurisdictions (about one-third of respondents) require that pension service providers disclose information on the available default investment fund(s) and their strategies. See “The Role of Supervision.” Six regulatory authorities require information disclosure on default contribution rates. Only a few jurisdictions (for example, Australia, Chile, Colombia, Mexico) publish on their websites information on default investment funds and default pension schemes.
51. For this section, see details in Tapia and Yermo, Rinaldi and Giacomel, and “Supervision of Pension Intermediaries,” Working Papers on Effective Pensions Supervision 17 (IOPS, December 2012).
52. See Richard H. Thaler and Cass R. Sunstein, Nudge: Improving Decisions about Health, Wealth and Happiness (New Haven: Yale University Press, 2008).
53. Voluntary pension systems often have low participation rates, even if supported by tax benefits, matching contributions by the employer and the state. Auto-enrollment features with opt-out possibilities change the default option: The worker automatically gets into the system and has an option to step out, whereas traditional voluntary systems require active decisions to start saving. The New Zealand and United States 401(k) experiences show that participation rates indeed increase dramatically. The United Kingdom is in the process of enrolling 10 million new savers into the auto-enrollment system. Regulators naturally have large responsibility in setting the default parameters, such as contribution rates or investment portfolios, properly, because most participants will take no active decision after enrolled. The New Zealand, United Kingdom, and United States experience is important to watch for regulators around the world, since this is a key element of protecting consumers from a strong foe: themselves, for not saving enough. For more details on the topic, see Brigitte C. Madrian and Dennis F. Shea, “The Power of Suggestion: Inertia in 401(k) Participation and Savings Behavior,” The Quarterly Journal of Economics 116, no. 4 (November 2001), 1149–1187; James J. Choi, David Laibson, Brigitte C. Madrian, and Andrew Metrick, “For Better or for Worse: Default Effects and 401(k) Savings Behavior,” Working Paper 8651 (NBER, May 2001), and “Defined Contribution Pensions: Plan Rules, Participant Decisions, and the Path of Least Resistance,” Working Paper 8655 (NBER, December 2001); Richard H. Thaler and Shlomo Benartzi, “Save More Tomorrow: Using Behavioral Economics to Increase Employee Savings,” Journal of Political Economy 112, no. 1 (2004); Shlomo Benartzi and Richard H. Thaler, “Behavioral Economics and the Retirement Savings Crisis,” Science 339, no. 6124 (March 8, 2013), “Automatic Enrollment Shows Promise for Some Workers, but Proposals to Broaden Retirement Savings for Other Workers Could Face Challenges” (United States Government Accountability Office, October 2009); “Trends and Experience in 401(k) Plans” (Hewitt Associates, 2009); “2013 Trends and Experience in Defined Contribution Plans: An Evolving Retirement Landscape” (Aon Hewitt, 2013); Jack VanDerhei, “The Impact of Automatic Enrollment in 401(k) Plans on Future Retirement Accumulations: A Simulation Study Based on Plan Design Modifications of Large Plan Sponsors,” Brief 341 (EBRI, August 2010); James J. Choi, David Laibson, and Brigitte C. Madrian, “$100 Bills on the Sidewalk: Violations of No-Arbitrage in 401(k) Accounts,” The Review of Economics and Statistics 113, no. 3 (August 2011), 748–63; Brigitte C. Madrian, “Matching Contributions and Savings Outcomes: A Behavioral Economics Perspective,” Working Paper 18220 (NBER, July 2012); Raj Chetty, John N. Friedman, Soren Leth-Petersen, Torben Nielsen, and Tore Olsen, “Active vs. Passive Decisions and Crowdout in Retirement Savings Accounts: Evidence from Denmark,” Working Paper 18665 (NBER, November 2012); John Beshears, James J. Choi, David Laibson, and Brigitte C. Madrian, “Financial Inertia among Low-Income Individuals: Plan Carefully When Setting 401(k) Defaults” (Retirement Made Simpler, February 2013), www.retirementmadesimpler.org; “Trends in 401(k) Plans and Retirement Rewards” (WorldatWork and the American Benefit Institute, 2013); Will Sandbrook and Tim Gosling, “Pension Reform in the United Kingdom: The Unfolding NEST Story,” Rotman International Journal of Pension Management 7, no. 1 (spring 2014); “Role of Pension Supervisory Authorities in Automatic Enrolment,” Working Papers on Effective Pensions Supervision 22 (IOPS, December 2014); and KiwiSaver Annual Statistics, Inland Revenue (New Zealand).
54. See, for example, Diagnostic Review of Consumer Protection in Financial Services, Russia (World Bank, July 2009), where the lack of clear disclosure rules about annuitization was the major source of complaints received by the regulatory authorities.
55. The IORP II Directive requires that IORPs provide information about pay-out options to members “in due time before the retirement age,” or upon request.
56. One not very obvious and often under-appreciated reason, among many others, for starting early communication with customers about their planned retirement products is that the investment strategy in the accumulation phase, and especially the details of the life-cycle (de-risking) path, should take into account the way the customer is expected to use savings. For example, if a portion is destined for lump-sum payout, a segment of the portfolio ought to run out to cash by the time of retirement, to minimize investment risks. The amount to be used for annuitization should be linked to a fixed-income portfolio with the same duration as that of the annuity product for hedging annuitization risk—and it’s also important to know the time of the planned annuitization, whether immediately at retirement or via a deferred annuity. If a part of the savings is to be left behind for inheritance, that could follow an equity-dominant strategy similar to the most active ages of the accumulation period. See The Future of Retirement: A Consultation on Investing for NEST’s Members in a New Regulatory Landscape (NEST Corporation, 2014) and The Future of Retirement: A Retirement Income Blueprint for NEST’s Members (NEST Corporation, 2015).
57. See Chris O’Brien, Paul Fenn, and Stephen Diacon, “How Long Do People Expect to Live? Results and Implications,” Research Report 2005-1 (Centre for Risk and Insurance Studies, June 2005) and David Blake, “The Consequences of Not Having to Buy an Annuity,” Discussion Paper PI-1409 (Pensions Institute, June 2014).
58. These include Armenia, Austria, Bulgaria, Iceland, Israel, Mauritius, and the Netherlands. In some other jurisdictions, life annuity is the default product. See “Supervising the Distribution of Annuities and Other Forms of Pension Pay-Out,” Working Papers on Effective Pensions Supervision 21 (IOPS, December 2014).
59. There is an additional implication of voluntary annuitization, rather than mandatory, and that is possible negative selection. There is a danger (for insurers) that those shunning life annuities may have undisclosed insider knowledge about their shorter life expectancy, while those expecting to live longer (for instance, based on family histories) would be overrepresented among clients purchasing annuities. Such a potential selection bias motivates insurance companies to charge a higher risk premium across the board. Mandatory annuitization solves the problem and leads to lower prices, contributing in this way to consumer protection.
60. Retirees may have urgent needs for cash, such as for paying back debts, or they may want to leave a part of their savings behind as inheritance. Other legitimate uses may also exist.
61. See “EIOPA’s Fact Finding Report on Decumulation Phase Practices.”
62. For a useful summary of their systems, see “EIOPA’s Fact Finding Report on Decumulation Phase Practices.”
63. See David Blake, “The Consequences of Not Having to Buy an Annuity.”
64. See also “Supervising the Distribution of Annuities and Other Forms of Pension Pay-Out.”
65. See Diagnostic Review of Consumer Protection and Financial Literacy, Croatia (World Bank, February 2010).
66. More than 20 jurisdictions introduced such requirements. See the IOPS survey in “The Role of Supervision,” which also shows that a key information document for pension products is still not a very common practice, and it typically covers the accumulation phase only. Therefore, according to IOPS, a similar document for the benefit pay-out options could require supervisory attention or action in the future.
67. A standard requirement is a minimum font size of 11 points.
68. It has to be noted that in previous World Bank diagnostic surveys, practically no country had regulations in place regarding standardized KFSs for pension products. The G20 FCP Principles do not list pension-related country-level best practices in this area, either.
69. For important details, see “Risks Related to DC Pension Plan Members,” “Risk Mitigation Mechanisms for DC Related Risks,” and “Report on Pre-Enrolment Information to Pension Plan Members” (EIOPA, July 2011); “Good Practices on Information Provision for DC Schemes” (EIOPA, January 2013); and “Report on Good Practices” (EIOPA, 2016).
70. See OPSG, “OPSG Statement on Information for Members of Occupational Pension Plans.”
71. See “EIOPA Report on Costs and Charges of IORPs.”
72. For example, the IORP II Directive gives detailed regulation about the pension benefit statement to be provided to members. In 15 jurisdictions responding to the IOPS (2016) survey, there is a requirement to disclose benefit statements in a standardized format. See “The Role of Supervision.”
73. Such as Sharpe ratios or value-at-risk indicators.
74. Such as Australia, Austria, Bulgaria, Hong Kong, Ireland, Israel, Italy, Mexico or Turkey. See Rinaldi and Giacomel.
75. Australia, Chile, Hong Kong, Ireland, Mexico, Poland, Turkey, and the United Kingdom, among others. For this whole section, see Rinaldi and Giacomel; Pablo Antolín and Debbie Harrison, “Annual DC Pension Statements and the Communications Challenge,” Working Papers on Finance, Insurance and Private Pensions 19 (OECD, 2012); and “The Role of Supervision,” which shows that 10 jurisdictions require pension projections from pension service providers, or regulatory authorities provide projections themselves. In Austria, Lithuania, and Poland, benefit projections are made by public authorities other than pension regulatory authorities. Ten regulatory authorities provide pension projections via online calculators on their (or other educational) websites. See also “The Role of Supervision” for a useful summary and description of different benefit projection tools.
76. “Report on Good Practices” (EIOPA, 2016) considers it a good practice if members are offered the use of pension calculators.
77. See Pablo Antolín and Olga Fuentes, “Communicating Pension Risk to DC Plan Members: The Chilean Case of a Pension Risk Simulator,” Working Papers on Finance, Insurance and Private Pensions 28 (OECD, October 2012) and Berstein, Fuentes, and Villatoro.
78. See “Comparative Information Provided by Pension Supervisory Authorities.”
79. The IORP II Directive requires that the pension benefit statement sent to members includes “information on pension benefit projections based on the retirement age, and a disclaimer that those projections may differ from the final value of the benefits received. If the pension benefit projections are based on economic scenarios, that information shall also include a best estimate scenario and an unfavourable scenario, taking into consideration the specific nature of the pension scheme.” The directive leaves it to member states to “set out rules to determine the assumptions of the projections. Those rules shall be applied by IORPs to determine, where relevant, the annual rate of nominal investment returns, the annual rate of inflation and the trend of future wages.” Finally, on request, the IORP must provide additional information to members or beneficiaries about the assumptions used in projections.
80. See “The Role of Supervision.”
81. See G20/OECD Task Force, “Update Report” (OECD, 2013), Annex, Principle 4, Item 100.
82. The application may be found at http://www.safp.cl/apps/simuladorPensiones/.
83. “Report on Good Practices” (EIOPA, 2016) considers it a good practice if online tracking services (which provide members accurate knowledge about their entitlements) can also serve as a communication channel to send out alerts. “Report on Good Practices” also acknowledges that members 17 member states receive such ad hoc information via paper-based channels most frequently, followed by email and then personal online accounts. See also endnote 29.
84. For instance, the IORP II Directive requires that “IORPs shall inform beneficiaries without delay after a final decision has been taken resulting in any reduction in the level of benefits due, and three months before that decision is implemented.”
85. For further details for the whole section, see “OECD Guidelines for the Protection of Rights of Members and Beneficiaries in Occupational Pension Plans” (OECD, 2003). See also “OECD Core Principles of Private Pension Regulation” (OECD, 2016), Core Principle 10: “Access to personal private pension plans should be non-discriminatory. Regulation should ensure that individuals are treated equally and fairly.… Pension funds and pension entities, their external service providers and authorised agents, and other intermediaries operating in the personal pensions market should work in the best interest of plan members and be responsible and be held accountable for upholding financial consumer protection. In general, members of personal pension plans should have the right to full portability.”
86. See G20/OECD Task Force, “Update Report” (OECD, 2013), Principle 6, Item 6: “Acting in the best interest of the consumer excludes practices such as misleading or aggressive commercial practices or exploitation of consumer vulnerabilities and unfair contractual terms.” See also “OECD Core Principles of Private Pension Regulation,” Core Principle 10.
97. Benefits are vested if the employee has a fixed and immediate right to the benefits accrued. The value may still fluctuate in DC plans with market valuations, while in DB plans with interest rate assumptions.
98. See “OECD Guidelines for the Protection of Rights of Members and Beneficiaries in Occupational Pension Plans.”
99. See “OECD Core Principles of Private Pension Regulation,” Core Principle 8.
100. Ninety percent of UK private-sector DB schemes are closed to new members now, and around 40 percent are closed to future accrual of benefits. See, for instance, “Workplace Pensions: Challenging Times. Final Report of the ACA’s 2011 Pension Trends Survey” (Association of Consulting
87.
For instance, mystery shopping exercises in India and Actuaries, 2012). Mexico found that agents offered better advice to 101. See “Automatic Transfers: Consolidating Pension Savings” consumers who emphasized that they had shopped (Department for Work and Pensions, April 2013). around, whereas inexperienced consumers, perceived to 102. It has to be noted that in previous World Bank diagnostic have lower levels of financial literacy, received inferior surveys undertaken, there was hardly any country found advice and less product information. See Rafe Mazer, which would have cooling-off rules for voluntary pension Katharine McKee, and Alexandra Fiorillo, “Applying products. The OECD/G20 Effective Approaches illustrating Behavioral Insights in Consumer Protection Policy,” Focus the High-Level Principles of Consumer Protection do not Note 95 (CGAP, June 2014). list pension-related country-level best practices in this area, 88. See Debbie Harrison, David Blake, and Kevin Dowd, either. “Caveat Venditor: The Brave New World of Auto- 103. See “Final Report on Good Practices on Individual Enrolment Should Be Governed by the Principle of Seller Transfers of Occupational Pension Rights.” Not Buyer Beware” (Pensions Institute, October 2012). 104. See “OECD Guidelines for Pension Fund Governance: 89. See “Supervision of Pension Intermediaries” (IOPS, (OECD, 2009) and “OECD Core Principles of Private December 2012). Pension Regulation,” Core Principle 3. 90. Within the framework of the TCF approach, providers 105. See “The Role of Supervision.” develop their own internal set of policies and procedures. Malaysia, South Africa, the United Kingdom, and other 106. See G20/OECD Task Force, “Update Report” (OECD, countries have put in place or are planning such frame- 2013), Annex, Principle 6, Items 134 and 136. works. See Mazer, McKee, and Fiorillo. 107. See G20/OECD Task Force, “Update Report” (OECD, 91. See Diagnostic Review, Peru (World Bank, 2013). 
2013), Annex, Principle 6, Item 161. 92. See G20/OECD Task Force, “Update Report” (OECD, 108. See G20/OECD Task Force, “Update Report” (OECD, 2013), Principle 4, Item 41: “Regulators remind consumers 2013), Annex, Principle 6, Item 175. to provide the financial services provider or authorised 109. See at https://trusteetoolkit.thepensionsregulator.gov.uk/. agent with as much relevant information as necessary 110. For instance, in Australia, Bulgaria, Hong Kong, Namibia about their circumstances and not to withhold relevant and the Netherlands. For examples for this section, see information so that the latter can fully assess their financial “Supervision of Pension Intermediaries” (IOPS, December situation and risk appetite and expectations, appropriately 2012). characterize them and understand what the consumer 111. For example, in Costa Rica, Serbia, Slovakia, Thailand, and really needs and wishes. Consumers’ responsibility to Turkey. provide information is balanced by a regulatory require- 112. For instance, in Austria, Hong Kong, Mexico, or the ment for financial service providers to seek all relevant Netherlands. information from the consumer.” 113. Such as Costa Rica, Hong Kong, India, Mexico, Nigeria, 93. See G20/OECD Task Force, “Update Report” (OECD, Peru, Slovakia and Turkey. 2013), Annex, Principle 6, Item 56. 114. See “Supervision of Pension Intermediaries” (IOPS, 94. For instance, in Russia, it is illegal to prompt participants to December 2012) and Diagnostic Review, Peru (World Bank, switch to a private non-governmental pension fund, but 2013). transfer agents may still be able to initiate this at the level of human resources managers. See Diagnostic Review, 115. See “Supervision of Pension Intermediaries” (IOPS, Russia (World Bank, July 2009). December 2012) and Diagnostic Review, Peru (World Bank, 2013). 95. For example, in Hong Kong, Israel, Kenya, Peru, and Turkey. See Rinaldi and Giacomel, and Diagnostic Review, 116. 
This is the so-called blind account system. See R. Kent Peru (World Bank, 2013). Weaver, “Design and Implementation Issues in Swedish Individual Pension Accounts,” Working Paper 2005-05 96. The broader question of whether switching in general, and (Center for Retirement Research at Boston College, April its frequency in particular, should be allowed for pension 2005); Diagnostic Review, Latvia (World Bank, April 2010); fund members is a policy issue which is beyond the scope and “Supervision of Pension Intermediaries” (IOPS, of this chapter. The GPs herein focus on addressing how to December 2012). facilitate switching in a manner that protects members’ interests. Private Pensions   133 117. As stated in “G20 High-Level Principles on Financial 127. See G20/OECD Task Force, “Effective Approaches” Consumer Protection” (OECD, October 2011), Item 6: (OECD, 2014), Annex, Principle 7, Item 78. “The remuneration structure for staff of both financial 128. Regulations in Chile require, among others, that the services providers and authorised agents should be pension fund must vote for suitable and independent designed to encourage responsible business conduct, fair directors in portfolio companies; that at least two of the treatment of consumers and to avoid conflicts of interest. five directors of the pension fund must be independent; or The remuneration structure should be disclosed to that top officers, asset managers, and sales agents be customers where appropriate, such as when potential prohibited from simultaneously holding similar positions in conflicts of interest cannot be managed or avoided.” entities that belong to the same holding as the pension 118. See G20/OECD Task Force, “Update Report” (OECD, fund administrator. Insider trading disclosure is likewise 2013), Principle 6, Item 29: “Financial services providers and required. 
Similar rules in many countries ensure that clients’ authorised agents ensure adequate procedures and interests are not overshadowed by those of service controls are in place so that staff are not remunerated solely providers and insider individuals. See G20/OECD Task on sales performance but include factors such as consumer’ Force, “Effective Approaches” (OECD, 2014), Annex, satisfaction, loan repayment performance, product Principle 7, Item 20. For a more detailed discussion of retention, compliance with regulatory requirements/best pension fund governance in general, see Fiona Stewart practices guidelines and codes of conduct which are related and Juan Yermo, “Pension Fund Governance: Challenges to best interest of customers, satisfactory audit/compliance and Potential Solutions,” Working Papers on Insurance review results and complaint investigation results.” and Private Pensions 18 (OECD, June 2008). 119. The IORP II Directive requires that a remuneration policy 129. See, for instance, G20/OECD Task Force, “Effective should be in place. It must be in line with the long-term Approaches” (OECD, 2014), Annex, Principle 7, Item interests of members and beneficiaries, include measures 259 (Chile). to avoid conflicts of interest, and not encourage risk–taking 130. See “OECD Guidelines on Funding and Benefit Security that is inconsistent with the risk profiles and rules of the in Occupational Pension Plans” (OECD, 2006) and Fiona IORP. Stewart, “Benefit Security Pension Fund Guarantee 120. For example, in India, Nigeria, and Pakistan, only flat fees Schemes,” Working Papers on Insurance and Private are allowed. For this whole GP, see “Supervision of Pension Pensions 5 (OECD, January 2007). Intermediaries” (IOPS, December 2012). 131. Intermediaries, advisers, and pension schemes gather vast 121. Albania, Bulgaria, Colombia, Costa Rica, India, Macedonia, amounts of data, including personal information, in order Nigeria, the Netherlands, and Pakistan, among others. 
to conduct their daily tasks. This information is sensitive to 122. For example, in Mexico, Spain, and Thailand. misuse or breaches, which has the potential to cause harm to consumers. This section touches on only a few select 123. See for instance David Blake, Bruce N. Lehmann, and Allan issues with respect to data protection and privacy that are Timmermann, “Performance Clustering and Incentives in most relevant to financial consumer protection. the UK Pension Fund Industry,” Discussion Paper PI-9901 (Pensions Institute, July 2001); David Blake and Allan 133. See, for example, (a) Universal Declaration of Human Timmermann, “Performance Benchmarks for Institutional Rights, Article 12 (United Nations, 1948), (b) Convention Investors: Measuring, Monitoring and Modifying Investment for the Protection of Human Rights and Fundamental Behaviour,” Discussion Paper PI-0106 (Pensions Institute, Freedoms, Article 8 (European Court of Human Rights, June 2002); and Pablo Castañeda and Heinz Rudolph, “Port- 1950), available at http://www.coe.fr/eng/legaltxt/5e.htm, folio Choice, Minimum Return Guarantees, and Competi- (c) Convention for the Protection of Individuals with Regard tion in Defined Contribution Pension Systems,” and Luis to the Automatic Processing of Personal Data, ETS No. 108 Viceira, “Application of Advances in Financial Theory and (Council of Europe, 1981), available at http://www.coe.fr/ Evidence to Pension Fund Design in Developing Econo- eng/legaltxt/108e.htm, and (d) International Covenant on mies,” in Evaluating the Financial Performance of Pension Civil and Political Rights (United Nations, 1966), available Funds, eds. Richard Hinz, Heinz P. Rudolph, Pablo Antolín, at http://www.hrweb.org/legal/cpr.html. and Juan Yermo (Washington, DC: World Bank, 2010). 134. OECD Guidelines Governing the Protection of Privacy and 124. See Stewart, “Proving Incentives for Long-Term Investment Transborder Flows of Personal Data (2013), Section 7. by Pension Funds.” 135. 
Convention for the Protection of Individuals with Regard 125. See G20/OECD Task Force, “Effective Approaches” to Automatic Processing of Personal Data (Council of (OECD, 2014), Items 217–218: “When pension funds are Europe, 1981). managed by insurance undertakings, all assets and 136. The study was mandated by the Dodd-Frank Act. liabilities corresponding to pension funds are ring-fenced, See http://www.consumerfinance.gov/newsroom/ managed and organised separately from the other cfpb-study-finds-that-arbitration-agreements-limit-relief- activities of the insurance undertakings, without any for-consumers/. possibility of transfer. Insurance companies set aside special accounts for pension savings, retirement insurance and variable insurance. Thus insurance companies separate the assets in the special accounts from the rest of the assets of the companies for actuarial process.” See also Annex, Principle 7, Item 512 (Korea). 126. For instance, see G20/OECD Task Force, “Effective Approaches” (OECD, 2014), Annex, Principle 7, Item 20 (Chile). 4 SECURITIES Consumer protection in the securities sector is critical the regulatory framework protecting consumers. The to the development of the depth and integrity of the basic laws must give the government institutions charged securities markets.1 The relationship between an entity with overseeing the securities markets the necessary fund- offering to purchase or sell securities, investment advice, ing, staffing, and regulatory powers to carry out their job. or collective investments—such as a securities intermedi- The authority must be able to establish entry requirements ary (intermediary),2 investment adviser (adviser),3 or col- for intermediaries, advisers, and CIUs that wish to be lective investment undertaking (CIU)4—and its clients is licensed by the authority to engage in activities in the one of the core pillars for the fair, sound, and efficient securities markets. 
The authority should require reporting functioning of the securities markets. The creation, main- from licensed entities and conduct examinations as tenance, and enforcement of the integrity of that relation- needed. If violations of the financial consumer protection ship are key objectives of governmental regulatory laws and regulations for securities are found, the authority activity, industry self-regulation, and international coop- must be able to seek administrative and civil sanctions eration that form the basis for the development of these and related orders aimed at prohibiting the continuation good practices (GPs). of the prohibited conduct; recover client assets; make referrals to criminal authorities; and discourage the pro- Consumer protection in the securities sector requires a hibited conduct in the future in such venue as provided by robust legal framework. Consumer protection provisions law. Self-regulatory organizations (SROs) can assist the for clients of intermediaries, advisers, and CIUs are gener- authority in providing consumer protection. The authority ally found in securities laws but can also be found in other should also be responsible, along with the stock exchanges laws regarding financial consumer protection. Regulations and SROs, for dissemination of information about the implementing these laws should contain detailed provi- market, in order to inform consumers about the basic sions regarding consumer protection, such as prohibitions financial instruments available in the market and how they against false advertising, misrepresentations, and mis-sell- are traded; the activity on the stock exchanges and the ing in marketing literature and oral sales presentations. In more informal over-the-counter (OTC) markets; and possi- addition, civil courts, as well as non-judicial dispute reso- ble fraudulent schemes that are being used in the author- lution schemes, should give consumers appropriate and ity’s jurisdiction. 
accessible forums for resolving complaints of misconduct. The development of consumer protection in the securi- Consumer protection needs experienced and compe- ties markets requires a transparent market and a regu- tent government institutions to implement the legal latory system that mandates full disclosure of material framework. A securities authority (authority)5 should have information that is critical to consumers in making their the primary responsibility for consumer protection and decisions to invest. Intermediaries, advisers, and CIUs must be able to use robust supervisory and disciplinary should disclose all significant terms and conditions of their mechanisms and processes to enforce compliance with contracts with consumers, including fees, charges, and   135 136   Good Practices for Financial Consumer Protection risks related to investments. In particular, CIUs should also tions. However, many areas of the securities markets that have a key facts statement (KFS) that summarizes the pri- can be considered related to “investor protection”—such mary characteristics of the CIU. Material conflicts that may as securities exchanges, clearing and settlement, and cor- exist between consumers and their intermediaries, advis- porate governance of issuers—are not covered in this ers, CIUs, and their service providers should be disclosed, chapter, since they do not deal directly with the relation- along with the way in which conflicts are being managed. ship between the seller and consumer of securities prod- ucts and services. Such areas are also already extensively The requirement for high business ethics and conduct covered by principles and good practices prepared by must be firmly embedded in the consumer protection other international organizations. regime. 
It is a core principle of consumer protection that there should be no unfair terms in contracts between con- These GPs follow on and draw from work conducted by sumers and intermediaries, advisers, and CIUs, particularly the World Bank to evaluate financial consumer protec- terms that take away the basic rights of consumers. Sales tion in more than 35 countries6, and are a refinement of materials and advertisements, as well as oral presentations, the 2012 edition of the Good Practices for Financial should fully disclose the characteristics of the securities, Consumer Protection.7 Due to the increasing intercon- advice, or CIUs that are being offered and should not con- nectedness across different financial sectors, such as bank- tain any deceptive information. Intermediaries, advisers, ing, insurance, pensions, and securities, and the increasing and CIUs should make sure that all investments recom- similarity and overlapping characteristics of the products mended to consumers are suitable, based on the informa- and services they provide, the GPs are cross-sectoral and tion disclosed by the consumers regarding their investment use a uniform structure to analyze the various financial sec- experience, financial condition, and investing goals. tors. This approach assists the World Bank in preparing its development programs in the financial sector and helps to In addition, rules must be in place to protect consum- shine a light on the gaps that exist in certain sectors in ers from the misuse and misappropriation of their providing good financial consumer protection. assets, as well as the theft of their confidential informa- tion or invasion of their privacy. 
The safeguarding of In the securities sector, these GPs draw on work done assets is critical to creating consumer confidence in the by the International Organization of Securities Com- securities markets and should be structured so a client’s missions (IOSCO) in the field of investor protection, assets can be transferred quickly in the event that the cli- including the Objectives and Principles of Securities ent’s intermediary, adviser, or CIU is required to wind up Regulation (IOSCO, June 2010) and other studies cited its activities. throughout the chapter. However, unlike the IOSCO Principles of Securities Regulation, these GPs are not These GPs provide a framework for evaluating the pro- mandatory principles; rather, they are good practices tection of consumers in their relationship with interme- culled from a range of international materials and country diaries, advisers, and CIUs. In terms of scope, this examples that expand on more general principles and can chapter focuses specifically on the relationship between be drawn upon by policy makers as a resource. Moreover, intermediaries, advisers, and CIUs and the consumers of they deal in detail with the issues related to the relation- their services. These GPs include CIUs since they are one ship between the seller and consumer of securities prod- of the most common retail products in the securities mar- ucts or services, including specific sales practices, kets; they can and do sell directly to retail investors, and advertising, recordkeeping, and specific information to be their sales practices have been recognized as a particular given to consumers, such as warnings, KFSs for CIUs, the subject for the analysis of retail transactions by national existence of conflicts of interest, and dispute resolution securities regulators and international securities organiza- mechanisms. A: LEGAL AND SUPERVISORY FRAMEWORK A1: CONSUMER PROTECTION LEGAL FRAMEWORK a. 
There should be legal provisions that create an effective regime for the protection of consumers in the securities sector.
b. The legal regime should contain specific, enforceable laws, rules, and regulations setting forth the legal duties, obligations, and prohibitions for licensed and unlicensed persons8 acting as intermediaries, advisers, and CIUs in their dealings with consumers, particularly in the solicitation of funds from, and giving advice to, consumers.
c. The legal regime should provide for the entry criteria and licensing of persons who solicit, manage, safe keep, or give advice regarding consumer funds in order to provide protection to the consumers who use the services of such persons. The following persons should be licensed:
   i. Persons who solicit funds from the public for securities, investment products, and financial services, including employees, agents, representatives, or contractors of such persons who personally engage in the solicitation of funds from the public
   ii. Persons who hold or safe keep funds and assets for clients in relation to securities, investment products, and financial services
   iii. Persons who manage or control funds solicited from the public in relation to securities, investment products, and financial services
   iv. Persons who give investment advice to specific consumers; however, if a jurisdiction does not require licensing for persons who only give investment advice, such persons should be subject to the anti-fraud provisions of the securities laws, or other consumer laws should apply to the activity of such persons
d. The licensing process should, at a minimum, require that
   i. The applicant’s beneficial owners, board members, senior management, and people in control functions demonstrate integrity and competence; and
   ii. There are appropriate governance and internal control systems in place, including specific controls to mitigate conduct of business risk.
e. The legal regime should provide for the supervision of intermediaries, advisers, and CIUs to ensure their compliance with the law and regulations governing their activity.
f. The legal regime should provide for legal proceedings and sanctions for violations of the laws, rules, and regulations regarding dealings with consumers, including conducting business without a license, improper sales practices, and advice regarding securities.
g. The legal regime should provide for a standard of care that intermediaries, advisers, and CIUs should follow when dealing with consumers.
h. There should be an effective governmental authority with the authority to promulgate or recommend the promulgation of regulations and sufficient powers to carry out regulatory and supervisory responsibilities with respect to consumer protection.

Explanatory Notes

Consumer protection in the securities markets requires a robust legal framework.9 A legal framework provides clarity as to the responsibilities of intermediaries, advisers, and CIUs in dealing with potential and existing clients. The framework also provides the basis for the protection of consumers by requiring disclosure and prohibiting unfair and fraudulent acts. A robust legal framework gives the authority the power to monitor the activity in the securities market directed at consumers and to take legal action to enforce compliance with the law. Specific laws—such as securities laws, collective investment laws, central depository laws, and exchange laws—address different consumer protection issues. Regulations are required to implement these laws and to describe legal requirements in sufficient detail in order to allow the authority to supervise the market and market participants to be informed as to the proper conduct for operating in the market.

Laws that are specific to the securities market provide needed detail in terms of the conduct required of market actors and the consequences for violating regulations. General business-oriented and fraud statutes do not provide sufficient clarity at a granular level to guide a market participant in the conduct of business in the securities markets. In some countries, a general financial consumer protection law will overlap with the securities laws in the regulation of consumer protection. These provisions should be harmonized with the securities laws and give precedence to the securities law as the specific subject-matter law in the event of a conflict between the two.

The legal framework for the regulation of the securities market is grounded in the power of the authority to give approval to persons to conduct business in the securities sector.10 Different jurisdictions set different requirements regarding which officers and employees of a business entity should be licensed, but at least the managers of a licensed person should also obtain a license, in addition to the entity itself. A process for providing approval through licensing allows authorities to evaluate which persons are ethically and operationally capable and qualified to operate in the sector and to exclude persons who are not. By consenting to enter into a licensed environment, a person agrees to allow the authority to have full access to his or her activities for the purpose of supervision. Further, by obtaining a license, persons consent to the use of administrative procedures to determine their suitability to retain a license and, if warranted, to have sanctions imposed for violations of securities laws and regulations.

Persons who provide investment advice but don’t intermediate securities have become an increasingly important issue for the protection of financial consumers.11 If such persons hold client assets, they should be licensed by the securities authority. If they only give advice, the oversight of such persons varies greatly between jurisdictions. Some jurisdictions, such as Hong Kong, Singapore, and the United States, require a separate license for advisers. Other jurisdictions, such as the Czech Republic, Indonesia, and the Jersey Islands, do not have a separate license for advisers whose activity is generally within a general intermediation license. Principle 29 of the IOSCO Methodology for Assessing Principles recognizes that registration of advisers may not be required if they do not hold client money or deal in securities on behalf of clients.12 Nonetheless, there should be legal norms and oversight for these advisers. At the minimum, advisers should be subject to the anti-fraud provisions of securities and consumer protection laws.

Since salespersons for securities or advice are the direct link between the intermediary, adviser, or CIU and consumers in the securities sector, they should be properly qualified and knowledgeable about the products and advice that they are selling. In addition to evaluating the background and education of the salespeople, the authority, in collaboration with SROs and industry associations, could prepare an examination to determine such competency. The authority could administer the examination or delegate the responsibility to an SRO or other qualified test administrator to be conducted under the supervision of the authority. The authority should adopt continuing-education requirements for licensed salespeople so that they are up to date on new products and practices in the securities sector.

A2: INSTITUTIONAL ARRANGEMENTS AND MANDATES

a. There should be a regulatory authority or authorities (“authority” or “authorities”) with a clear legal mandate for the implementation and enforcement of the legal regime for consumer protection in the securities sector.
b.
The authority should have powers in the law to fully carry out its responsibilities.
c. The authority should have sufficient funding and staff to perform its mandate.
d. The authority should have legal protections to protect supervisory staff from personal litigation in the good-faith exercise of their supervisory duties.
e. The authority should be operationally independent from external interference from political, commercial, and other sectoral interests.
f. The authority should be responsible for the following:
   i. Licensing and supervising persons who solicit funds from the public for securities, investment products, and financial services
   ii. If permitted by law, promulgating rules and regulations related to consumer protection
   iii. Implementing the laws, rules, and regulations related to consumer protection
   iv. Enforcing consumer protection laws, rules, and regulations
   v. Educating the public in the area of the securities markets
   vi. Collecting and analyzing data (including complaints, disputes, and inquiries) regarding the extent of consumer protection in the market
   vii. Giving advice to the public regarding compliance with the law
   viii. Giving advice to the government regarding the state of the securities market
   ix. If regulations are promulgated by other government institutions, making recommendations to the government regarding the regulations needed to implement the provisions in the securities and consumer protection laws
g. If there is more than one governmental authority responsible for the supervision of intermediaries, advisers, and CIUs, the different authorities should have a memorandum of understanding between themselves to share information related to all consumer protection issues, including the results of examinations.
h. If the authority has delegated responsibilities regarding consumer protection to a SRO, the SRO should act under the supervision of the authority and provide the authority with unfettered access to information regarding its activities.
i. If there are industry associations in the securities sector, they should coordinate their activities with the authority, including by doing the following:
   i. Encouraging high ethical standards in their membership through adherence to codes of conduct
   ii. Establishing a process for complaint handling and resolution
   iii. Promoting financial literacy
   iv. Disseminating statistics and analyses regarding the securities sector

Explanatory Notes

An authority should be given the primary responsibility for regulating consumer protection in the securities sector. IOSCO Principles of Securities Regulation 1–8 set forth the primary responsibilities of a securities authority. The responsibilities of the authority need to be clear and well defined, and its regulatory processes need to be clear, transparent, and consistent. The authority cannot fulfill its responsibilities without sufficient staffing and funding. Even more important, it must have the full set of regulatory powers to establish regulations, license participants, conduct audits and investigations, and bring disciplinary proceedings to impose sanctions for misconduct and non-compliance with the regulatory framework. This ensures that a comprehensive, integrated system of rules will apply to participants in the market and that the participants will have clarity as to their regulatory obligations.

The authority should be independent of political and industry interference in the regulation of the securities market. This does not mean that it is not accountable to the legislature or executive branches of the government. However, as clarified in Principle 2 of the IOSCO Methodology for Assessing Principles, it does mean the authority should be operationally independent as it carries out its responsibilities—which is to say that day-to-day implementation of

In the event of multiple authorities that deal with financial consumer protection, memorandums of understanding need to be entered into by the different authorities, to ensure that their responsibilities complement and support each other without creating gaps in regulation, supervision, and enforcement.14 This is also needed if consumer protection and financial literacy for the securities sector are covered by governmental agencies with a more general jurisdiction over consumer protection across all of the finance sector and economy.

SROs are useful in the regulation of the securities markets. There are several different models for SROs. With respect to the securities sector, the term SRO is somewhat of a misnomer since the authority of a self-regulatory organization to carry out its regulatory activity is often based on legislative acts or delegated powers from the securities authority and it is subject to supervision by the securities authority. The key characteristic of the SRO is the delegated authority to regulate parts of the securities market and to create rules that it can enforce through meaningful sanctions. In some jurisdictions, such as the United States, securities and derivative broker/dealers are required to be a member of a SRO that conducts examinations and determines the qualifications of broker/dealers and their officers and employees.
The SROs also have its regulatory responsibilities, including examinations and a set of regulations for the conduct of the member broker/ proceedings to enforce the law, should be handled without dealers and their officers and employees that the SRO can external political interference or interference from com- enforce with disciplinary action, including the loss of the mercial or other financial sector interests.13 license and right to operate in the securities market as a These GPs do not take a position on the structure of broker/dealer. regulatory and institutional arrangements, as long as the Many jurisdictions have industry associations that overall result is effective regulation. In some jurisdictions, advocate and lobby for the interests of their particular such as Australia and the United Kingdom, regulation for subsector, such as brokers and asset managers, and pro- the securities markets is done by more than one govern- vide standards of conduct for their members in the area of mental authority, such as in the twin peaks supervisory consumer protection. These institutions also play an model, which creates both prudential and market conduct important role in encouraging good practices toward con- authorities. sumers by their members. 140   Good Practices for Financial Consumer Protection A3: REGULATORY FRAMEWORK a. There should be a comprehensive regulatory framework for the functioning of the securities sector that provides strong consumer protection. b. The regulatory framework should ensure that the processes used by the authority for exercising its mandate are consistently applied, comprehensible, transparent, and fair and equitable. c. The regulatory framework should include a clear statement of the policy basis for regulation, such as a principles-based, rules-based, or a hybrid regulatory system. d. 
An effective regulatory framework to implement consumer protection provisions in the securities laws should include at least the following: Effective enforcement of legal norms for consumer protection i. A system for handling consumer complaints, both internally at intermediaries, advisers, and CIUs and ii. externally through a non-judicial alternative dispute resolution (ADR) mechanism in the event that matters cannot be resolved informally Legal provisions requiring intermediaries, advisers and CIUs to maintain the privacy and confidentiality iii. of consumers’ personal and financial information Legal provisions for the safekeeping of customer funds and assets, including segregation of funds and iv. assets, the creation of depositories, and custodians for investor securities and assets in CIUs Legal provisions for the speedy return of funds and assets to consumers in the event of the insolvency v. of an intermediary, investment adviser, and CIU, including, if appropriate, the creation of an investor guarantee fund A program for financial literacy for consumers vi. A requirement for continuing education for professionals in the securities sector vii. e. The regulatory framework should also provide for the following: The power for the authority to provide advice to the government as an expert agency regarding the i. operation of the securities market and needed legislation for consumer protection The power for the authority to conduct research and issue studies on the condition and operation of ii. the securities market as it provides consumer protection, for use by policy makers and investors in evaluating the operation of the market A requirement that the authority should cooperate with other agencies and foreign authorities in the iii. enforcement of the securities laws for the protection of consumers Explanatory Notes There are currently several types of regulatory In order for consumer protection in the securities sector to approaches. 
The rules-based approach is the most com- be effective, it must have a sound framework for the regu- mon and relies on compliance with detailed rules regard- lation of the sector. The laws and regulations that contain ing conduct in the securities sector.16 The principles-based consumer protection provisions must be robust and com- approach relies more on securities sector participants fol- prehensive. The regulatory process must also be open lowing general principles of behavior. It focuses on out- and transparent and provide for input from the public and comes of behavior, rather than compliance with specific industry participants so that the process is viewed as fair rules, and is considered to be a lighter type of regulation and impartial.15 The IOSCO Principles of Securities Regu- that relies a great deal on self-regulation. The United lation emphasize that the regulatory structure, in the form Kingdom adopted principles-based regulation17 but has of rules, regulations, guidance, and policy positions, must recently replaced it with a twin peaks form of regulation be comprehensible and available to the public and secu- that is more rules-oriented. A hybrid system still relies on rities sector participants. This will enable them to evaluate self-regulation by market participants but has a more pre- whether the regulatory structure is being consistently scriptive set of rules than a full principles-based system. applied in a fair and equitable manner. Rwanda currently follows a hybrid model. The GPs do not Securities  141 take a position on which type or regulatory approach is to the courts—such as orders freezing assets, appoint- best, but the regulatory framework should clearly decide ment of a trustee, injunctions against violations, and simi- what regulatory approach it wishes to follow. lar actions—the authority must have the power to go In addition to formulating regulations and policy, the before a court and request that such action be taken. 
authority must be able to take action to verify compliance The authority should also take steps to increase the with the regulatory structure. As mandated in the IOSCO financial literacy of the investing public so that their Principles for Securities Regulation Principles 10–12, the actions in the securities markets are informed and well authority must have the power to conduct surveillance of considered. Even professionals in the securities markets the activity of intermediaries, advisers, and CIUs to deter- need continuing education to keep abreast of new mar- mine their level of compliance. This would include the ket developments and the evolving character of the power to request information and to conduct off-site and securities that they are selling to consumers or advising on-site audits and investigations if the authority has rea- consumers about. If other governmental agencies or son to evaluate the level of compliance in an intermediary, industry organizations are also tasked with giving such adviser, or CIU. If noncompliance or intentional violations education, then the authority should coordinate with of the regulatory structure are found, the authority must them and be the lead supervisor of financial education in be able to institute disciplinary proceeding and assess the securities markets. sanctions, if necessary. In cases where matters may be left A4: SUPERVISORY ACTIVITIES a. The authority should supervise persons in the securities sector who are licensed by the authority, such as intermediaries, advisers, and CIUs in order to verify their compliance with their duties and obligations for consumer protection. b. The authority should have A long-term plan setting forth its strategic priorities in the area of supervision over a multiyear i. timeframe; and An operational plan to carry out its supervisory activity over the near- to medium-term timeframe. ii. c. 
The authority should use an effective approach for planning and conducting its regulatory activities (for example, a risk-based approach), taking into account the circumstances of the market that it regulates and its own capacity. d. The authority should have a system of market surveillance to oversee the activity on the securities markets to determine if the consumers, intermediaries, advisers, and CIUs are in compliance with the laws and regulations providing for consumer protection. e. The authority and SROs should have the authority to engage in the following supervisory activities: Require reporting by licensed persons as to their activity, including all complaints and internal dispute i. resolution, on a periodic or as-needed basis without giving prior notice Conduct off-site examinations of licensed persons on a periodic or as-needed basis without giving ii. prior notice Conduct on-site examinations of licensed persons on a periodic or as-needed basis without giving iii. prior notice f. The authority should provide guidance to licensed persons as to the manner of complying with the obligations and duties established by the legal regime for consumer protection. g. The system of supervision established by the authority should, to the extent possible, include all agents, representatives, intermediaries, or contractors of a licensed person. h. The staff of the authority should be well trained in the law and regulations that licensed persons must adhere to and the requirements and the procedures for conducting supervision. 142   Good Practices for Financial Consumer Protection i. The authority should evaluate its supervisory approach, tools, and techniques, as well as supporting information systems, on a regular basis, to enable its staff to effectively assess institution-specific and market-wide risks. 
Explanatory Notes

The supervision of licensed persons, such as intermediaries, advisers, and CIUs, is necessary to determine if they are in compliance with the regulatory regime for consumer protection. To do this, the authority must have full and frequent access to the records of licensed and unlicensed persons who solicit funds from the public on their behalf. IOSCO Principles of Securities Regulation, Principle 10 provides that an authority should have the power to obtain information in the ordinary course of business and whenever it deems it necessary to determine compliance with the law and regulations.18 Supervisory procedures usually consist of periodic off-site and on-site examinations of licensed persons. From time to time, due to special circumstances, the authority may need to conduct an immediate examination to determine the existence of a violation and to protect client assets. In addition, the authority may conduct examinations or studies regarding specific themes or issues that have arisen in the securities markets that involve obtaining information from licensed persons.

The authority will need to prepare a near-term and long-term plan for how and when it conducts its supervisory activities. Risk-based supervision has proven to be one of the most efficient means of establishing priorities to determine which licensed persons are to be examined, the priority and timing of the examination, and the matters to be reviewed during an examination. However, the use of risk-based supervision can pose challenges for authorities who will need, among other things, to use more supervisory discretion in determining which intermediaries, advisers, and CIUs pose the highest risk for noncompliance with the securities laws. In addition, authorities will need to evaluate the proprietary risk management systems of intermediaries, advisers, and CIUs to determine if they are effective.19 The authority in each jurisdiction will need to determine the most effective supervision techniques for the particular market that it is supervising and its own capacity, which may involve different forms or models of risk-based supervision.

Licensed persons need clarity as to their regulatory obligations in order to comply with them in good faith. To assure compliance with the regulatory regime, the authority needs to advise and give guidance to licensed persons about how they can fully comply with their legal duties and obligations. Such guidance decreases the costs of supervision by helping to create a uniform method of compliance that is more easily reviewed during examinations.

A5: ENFORCEMENT

a. The authority should have the authority, powers, and tools to investigate and take disciplinary action against licensed and unlicensed persons who violate the provisions of the legal regime for consumer protection.
b. To investigate conduct in the securities markets, the authority should have broad powers, including the following:
   i. The authority to obtain access to any and all records of a licensed or unlicensed person to the extent that they are relevant to potential fraud or misuse of client assets
   ii. The authority to take a statement from any person or any of his or her employees, agents, or representatives, subject to any legal rights they have under the law
   iii. The authority to obtain books and records of persons who are relevant to an ongoing investigation, including records in the hands of third parties, such as bank and telephone records
   iv. The authority to take actions to ensure compliance with these powers, such as seeking a court or judicial order
c. The authority should have the authority to bring administrative proceedings against persons for violations of the legal regime for consumer protection.
d. The authority should be able to impose effective, proportional, and dissuasive sanctions and penalties in administrative proceedings for violation of the legal regime, including warnings, suspension of licenses, revocation of licenses, fines, and freezing assets or placing them under the control of a trustee.
e. If permitted within a legal jurisdiction, the authority should have the authority to seek orders in civil court to enforce the provisions of the legal regime for consumer protection.
f. If permitted within a legal jurisdiction, there should be a wide range of sanctions that the authority can obtain in civil court for violations of the securities law, including injunctions, orders for the return of client funds, repayment of any illegally obtained profits that can be enhanced to deter future violations, and freezing assets or placing them under the control of a trustee.
g. The authority should have the authority to initiate criminal proceedings or refer a matter to criminal authorities.

Explanatory Notes

The enforcement regime varies from country to country. Some countries use rules-based supervision and enforcement, as in the United States, while others use a principles-based system, such as Rwanda and, previously, the United Kingdom. These GPs do not advocate one system over the other. In either system, the authority must have the ability to bring enforcement actions against persons who intentionally violate the law.

In order for the authority to be able to enforce the legal regime for consumer protection, it must have the necessary investigative tools.20 The ability to obtain books and records and interview people with information is critical to the authority’s ability to determine if violations of the consumer protection laws and regulations have been made. In addition, the authority needs the authority to pursue investigations and proceedings against unlicensed persons for violating the consumer protection provisions in the law, in order to maintain the integrity of the regulatory system. To do this, it needs the authority to obtain records of unlicensed persons and statements, subject to limitations in the law, such as rules against self-incrimination.

The authority must be able to institute proceedings and seek a wide range of sanctions, such as warnings, suspensions, fines, and withdrawal of licenses, for violations of the consumer protection regime in both administrative and civil proceedings.21 Since client funds could be quickly hidden or transferred out of reach of investors, the authority must have the ability—on its own order or by court order, depending on the requirements of the legal system—to freeze assets and place receivers or trustees in control of the assets of licensees. In addition, the authority must be able to prevent future violations through injunctions against violations of the law and the return to clients of client funds, to the extent possible.

In some instances, criminal prosecution is necessary to protect clients and their assets, and the authority must have the power to cooperate with criminal authorities in the investigation of securities law crimes.22

A6: CODES OF CONDUCT

a. The legal and regulatory framework should allow for the emergence of industry associations in the securities sector.
b. Codes of conduct in industry associations should be encouraged to provide for a foundation for the development of a compliance culture in intermediaries, advisers, and CIUs.
c. SROs, if used in the regulatory structure in the securities sector, should have a code of conduct that encourages high ethical standards in their membership.
d. Codes of conduct should be written in plain language and without industry jargon to ensure that consumers and industry participants can easily understand them.
e. SROs and their members should widely publicize their code of conduct to the general public through the media, financial literacy events, and other appropriate means, including through websites and branches.
f. SROs and industry associations should have an appropriate mechanism in place to provide incentives to comply with the code of conduct and other legal norms, such as fines, the withdrawal of membership, and, if so empowered, the withdrawal of the right to participate in the securities markets.

Explanatory Notes

As mentioned in A2 above, many jurisdictions have industry associations that advocate the interests of their particular subsector, such as brokers and asset managers, and provide codes of conduct for their members in the area of consumer protection. These codes can differ depending on the subsector. Nonetheless, the codes will have the same underlying goal of protecting consumers and encouraging good conduct in the industry. In addition, codes established in different industry associations will provide a foundation for self-regulation in the securities industry and serve as a first step toward the implementation of a system of SROs with more formal regulatory responsibilities and procedures. Codes also encourage the development of internal compliance systems at industry participants, by giving the compliance units of industry participants a codified ethical framework that they can use to develop a compliance culture with internal consumer protection rules and laws and regulations related to consumer protection.

In addition to governmental regulation, if a jurisdiction uses SROs for the regulation of professionals in the securities sector, the SRO should have a code of conduct. The code of conduct of a SRO does not supplant the need for or use of more detailed rules for regulating the conduct of market participants, such as anti-fraud provisions stipulated in law or regulation, but codes can provide guidance, in layman’s terms, for industry participants and a means by which their clients can understand the participants’ ethical responsibilities regarding their conduct. Importantly, a code of conduct evidences a consensus among industry participants as to, among other things, what constitutes good conduct when dealing with consumers. Codes emphasize to the salespeople in the industry and the public that ethical behavior should be the normal way of conducting business and that the securities industry finds deviations from this to be unacceptable. This should have a positive impact on the behavior of salespeople. It should also provide a model for addressing ethical issues. Codes should provide for a mechanism for identifying new issues in the securities sector regarding ethical behavior, frequently resulting from rapid technological change in the sector, and the proper way to address those issues. They provide a focal point for ongoing debate and discussion about the evolving ethical obligations of industry participants in light of new market developments and the development of new legal and regulatory norms in meeting the new developments.

Adherence to codes of conduct can be encouraged in a number of ways. For example, the publication of a sanction by an association or SRO would have a shaming effect on the person against whom it is levied, while a fine would have a direct economic effect. In addition, the monitoring of members’ conduct by the disciplinary committee of an industry association after the imposition of a sanction would be a way of reinforcing the need to change the conduct that led to the sanction. Discipline by the stock exchange against a member could also lead to reduced access to the market. This would encourage compliance with the exchange’s code of conduct in order to lift the sanction.

BOX 4
IOSCO’s Model Code of Ethics:23 Concepts That Should Be Included in the Code

Integrity and truthfulness. Stresses the critical element of trust that is essential in all business relationships. Trust is dependent upon one’s confidence in the integrity and truthfulness of other parties in any relationship. Integrity is honesty and the adherence to values and principles despite the costs and consequences. Integrity also demands forthrightness and candor, which must not be subordinated to personal gain and advantage. Integrity cannot coexist with deceit or subordination of principles.

Promise keeping. Involves the ability to keep one’s word regardless of whether there is a legal obligation to do so. This is key to being an ethical individual or an ethical business.

Loyalty. Managing and fully disclosing conflicts of interest covers any conduct that could compromise loyalty to one’s company or clients. Although certain conflicts may be inevitable, to the extent feasible, they should be avoided or at least appropriately managed. For example, while not necessarily sufficient to cure a conflict, firms, at a minimum, would ensure full, fair, accurate, timely, and understandable disclosure.

Fairness. Requires impartiality, objectivity, and honesty.

Doing no harm. Means avoiding conduct that jeopardizes investor trust and confidence.

Maintaining confidentiality. Refers to developing a relationship of personal trust and confidence with clients and employers by safeguarding information entrusted to the professional. A professional must refrain from using confidential information, or appearing to use it, for unethical or illegal advantage. Information that employees obtain through their employer’s work would not be used by the employee either personally or through a competitor.

A7: DISSEMINATION OF INFORMATION BY AUTHORITIES

a. The authority should make readily available to the general public, at no cost, minimum relevant information about its own role and how it performs its duties to help achieve its statutory goals and increase transparency.
This could include the following:
   i. A clear description of its regulatory and supervisory mandate and remit and the role of other agencies, if applicable, as well as whether any sectors are not covered by any authority
   ii. A report, at least annually and in a timely manner, on its activities, including an analysis of the state of the securities market and its duties and activities with respect to consumer protection
b. The authority should make readily available to the general public, at no cost and in a standardized and easily comprehensible and comparable format, independent information that could include the following:
   i. The key features, benefits, risks, and costs of the main types of securities, investment products, and financial services
   ii. The regulatory status of licensed persons
   iii. The history of licensed persons upon whom disciplinary actions have been taken by the authority, and reference to other agencies or SROs that have the authority to bring disciplinary actions against licensed persons
   iv. Copies of all public filings of registered issuers and licensed persons
   v. Information on the mechanisms, processes, and points of contact for consumers to resolve grievances and file complaints and queries with the authority or other governmental agencies authorized to hear the complaints
   vi. Aggregated data for the market as a whole regarding complaints, disciplinary proceedings, and conduct issues
   vii. Studies on the state of the market
   viii. Reports on problems that retail consumers might face, such as particular types of fraudulent conduct
   ix. Information on financial literacy in the securities sector, including dissemination through publications, seminars, presentations, and workshops

Explanatory Notes

As stated in Principle 3 of the IOSCO Principles of Securities Regulation, the authority should provide information in the form of financial literacy and education for retail consumers.24 This would include, among other things, information on the types of products offered as well as how the authority supervises the market. In order for the consumers to have a means of dealing with their concerns, the authority should educate consumers on the available mechanisms that they can use to make and resolve complaints. If other government agencies or non-governmental organizations also have responsibility for financial literacy across the financial sector, the authority should coordinate its activities with these other agencies regarding financial literacy in the securities sector. Nonetheless, the authority should take the lead in providing consumers with information about the securities markets and how the consumers can protect themselves. However, one size does not fit all in the area of financial literacy, and the manner in which this activity is carried out will depend on the circumstances and condition of the securities market for which the authority is responsible.

In addition, one of the important responsibilities of the authority is to provide unbiased, objective information about the securities markets to the market’s participants. This should include, for example, public filings of issuers, disciplinary actions against licensed persons, and aggregate statistics on market instruments, such as margins and options. This would enable consumers, service providers, and analysts to have a readily accessible database on the condition of the market.

The authority should also conduct research and issue reports on the state of the securities market that deal with current, critical issues on how the market functions. In addition, the authority should issue warnings regarding matters that are of immediate interest to consumers, such as ongoing fraudulent schemes or particular types of investment products, such as the complex financial instruments and alternative investments discussed in B4, below.

B: DISCLOSURE AND TRANSPARENCY

B1: FORMAT AND MANNER OF DISCLOSURE

a. Information regarding securities and financial services provided to consumers in all types of marketing communications and informational documents, such as KFSs, advertising, product information sheets, and account documents, as well as oral communications, should be in plain language that is clear, succinct, and comprehensible while avoiding unnecessary jargon and technical terms. If technical terms are used, they should be explained in a comprehensible manner.
b. Written presentation of information should be done in a manner that prominently displays key information and facts on the informational document in a font size and spacing that is easily readable.
c. Where feasible, key features should also be communicated orally by the provider to the consumer during the pre-contractual stage and at the point of sale.
d. Consumers should receive the required information in a reasonable time before entering into a transaction, so that they can use the information while making their investment decisions.
e. When a client signs up for paperless statements, such statements should be in an easy-to-read and readily understandable format and provided in a durable medium.

Explanatory Notes

Information, including facts regarding, and the terms and conditions of, a security, financial advisory contract, or an account with a collective investment scheme, should always be prepared and conveyed in a manner that a consumer can easily understand and that is useful in a consumer’s decision making.25 Disclosure of information is not effective if the disclosure documents and other information are not presented in a manner that is clear and readable. To be effective, oral communications should also be equally understandable to the non-professional, retail consumer. The authority should provide standards for the manner of presentation and clarity of facts and information that are required to be disclosed to consumers.

It is increasingly recognized that arcane jargon and unnecessarily complicated writing and oral communication hinder, rather than help, the intent of informational rules. As far as possible, plain language should be used in all types of documents and in oral communications that are required by law or used by licensed persons to provide information to consumers in the offer and sales of securities and financial products and services.

Advertisements or brochures that are intended to summarize specific information about an investment product or service in an easily understandable format, such as KFSs for CIUs (set out in more detail in B6), should be developed for the particular circumstances where they will be used and should be subject to testing—for example, through focus groups of consumers—to determine if the documents successfully convey the relevant information.26

B2: ADVERTISING AND SALES MATERIALS

a. If sales, advertising, and other marketing materials are used in the offer and purchase or sale of securities, intermediaries, advisers, CIUs, and persons acting on their behalf, in addition to applying the general requirements described in B1, should also ensure that such sales and advertising materials do not mislead clients or potential clients regarding the characteristics and benefits of the securities or CIUs.
b. Advertising, sales, and other marketing materials regarding advisory or other securities services offered by intermediaries, advisers, and CIUs should not mislead clients or potential clients regarding the characteristics and benefits of the service, such as the past performance, future performance, or costs of the service.
c. Intermediaries, advisers, and CIUs should disclose in all advertising, sales, and other marketing materials, including print, TV and radio, the fact that they are regulated and by whom.

Explanatory Notes

Advertising of general services by an intermediary, adviser, or CIU must not mislead consumers about the results that could be obtained from using its services.27 As explained by the Financial Industry Regulatory Authority (US FINRA), an SRO authorized by the US Securities and Exchange Commission (US SEC), this includes “any false, exaggerated, unwarranted or misleading statement or claim in any communication with the public.”28 Representations of the characteristics of the service—such as cost comparisons, use of past performance statistics, or hypothetical profits—must be accompanied by a disclaimer describing the character of the representations and stating that they do not predict future results from the use of the service. These rules would apply to any form of advertisement or communication with the public. The Securities and Exchange Board of India sets out a number of different types of communication, such as TV interviews, seminars, workshops, tombstone advertisements, and product launch advertisements, among others.29

In addition to the securities laws, some countries have separate laws on advertising that apply to the advertising materials of intermediaries, advisers, and CIUs.30 Although advertising laws are usually more general than laws and regulations for the securities sector, they provide useful additional protection for consumers.

Sales materials must indicate regulatory status, so that the consumer can verify the good standing of the intermediary, adviser, or CIU and its license to engage in the activity it is advertising.

B3: DISCLOSURE OF TERMS AND CONDITIONS

a. There should be comprehensive disclosure of terms and conditions that cover a consumer’s relationship with an intermediary, adviser, CIU, and their sales representatives, in all three stages of the relationship: pre-sale, point-of-sale, and post-sale.
b. An intermediary, adviser, or CIU should provide a client or potential client with information about
   i. The choice of accounts, products, and services; and
   ii. The characteristics of each type of account, product, and service being offered or recommended.
c. An intermediary, adviser, or CIU should provide to a client
   i. A copy of its general terms and conditions, as well as any terms and conditions that apply to the particular account the client is opening, sufficiently before commencing a relationship with a client so that the client can read and understand the document; and
   ii. The final signed document at the point of sale.
d. The terms and conditions should, at a minimum, disclose the following:
   i. Details of all commissions, charges, transaction taxes, and costs, of any nature, related to the accounts, products, and services offered and how they are determined
   ii. The effect of all such commissions, charges, transaction taxes, and costs on the profitability of the accounts, products, and services
   iii. The complaints procedures, and contact information for internal and external dispute resolution mechanisms
   iv. Information about any compensation scheme that the intermediary or CIU is a member of, and an outline of the action and remedies that the client may take in the event of default by the intermediary
   v. The details of the terms of any leverage or margin being offered to the client and how the leverage functions
   vi. Any restrictions on account transfers
   vii. The procedures for closing an account and transfer of funds

Explanatory Notes

As IOSCO Principles of Securities Regulation, Principle 31 observes, consumers need to know the terms of the contract to make an informed decision whether to invest with an intermediary, adviser, or CIU.31 The information must be given to the client sufficiently before the contract is finalized in order for the disclosures to be meaningful and useful to the consumer. At the point of sale, in order to verify the terms of the agreement, the consumer should receive a written, executed document setting forth the terms of the agreement of the parties.

The information contained in the terms and conditions is critical to an understanding of the contract. The characteristics of the account—particularly the charges, commissions, and the use of leverage—can have a significant impact on the results that the consumer can realize. The effect of the fees on the profitability of the accounts also needs to be fully disclosed. Additional information regarding the transfer and closing procedures gives consumers the confidence that they can change firms if they are not satisfied with the firm’s performance.

In addition, information regarding consumers’ right to file complaints and the means by which they are resolved, as well as the existence of and procedures for filing a claim with a compensation scheme, provides reassurance that consumers’ interests will be protected and informs consumers how to assert their rights.

B4: DISCLOSURE OF PRODUCT RISK

a. Intermediaries, advisers, and CIUs should disclose to consumers the risks and consequences of investing in securities, derivatives, and any other investment products, such as real estate, currency, commodities, alternative funds, and non-traditional, complex financial instruments.
b. The risks and consequences of any services, investment strategies, trading strategies (including margin and short trading), electronic advisory or trading systems, and cash management strategies should also be disclosed.

Explanatory Notes

The types of securities and investment products and services being offered and sold to retail investors have become increasingly diverse and complicated. They can include:

• Exchange-traded equities and bonds
• OTC equities and bonds
• Financial instruments using leverage, often called margin, in purchasing or selling securities
• Derivative products, such as exchange-traded options and futures contracts on financial instruments and commodities, such as oil, gold, and currency
• Alternative investment funds, such as hedge funds, funds of hedge funds, equity funds, and venture capital funds
• Non-traditional, complex financial instruments, such as contracts for difference and binary options
• Computerized advisory programs
• New financial mechanisms and instruments, such as peer-to-peer (P2P) lending

Intermediaries and advisers should explain to clients the risks of trading in exchange-traded stocks and bonds.32 The importance of understanding the prospectus and annual report as well as other periodic filings should be emphasized in order to understand how to value a stock or bond. Clients should be made aware that stocks and bonds can rise and fall based on their own economic performance, as well as the interaction of the stock or bond’s sector with the economy as a whole. Intermediaries and advisers should explain that the market for OTC stocks is less transparent and often less liquid than the market for exchange-traded stocks. The use of margin—that is, taking out loans to buy stock or bonds—can expose a client to much larger risk than fully paid ownership of the stocks and bonds. Clients need to understand that they can be called on to place more cash on deposit with the intermediary if the price of the stock or bond that they have margined goes against them.

Financial instruments that derive their value from the performance of underlying assets, such as financial futures contracts and options, are high-risk investments, and intermediaries and advisers must explain this to their clients. OTC derivative instruments require even more risk disclosure.33 The use of margin to purchase futures contracts at a fraction of their value can result in very high financial exposures with the possibility of significant loss. Options trading can also subject clients to high losses in addition to the premium paid for the option, if the option is exercised against the client.

In addition to futures and options, new non-traditional, complex financial instruments have been created and are being sold to retail customers, especially OTC-leveraged products such as contracts for difference or binary options.34 In this document, the term complex financial instruments is broadly construed and generally refers to financial products whose terms, features, and risks are not reasonably likely to be understood by a retail customer because of their complex structure and the difficulty in determining their value. Different types of these instruments may not exist in all jurisdictions, but if they are permitted, the authority will need to promulgate specific disclosure rules to deal with them.

KFS-related disclosure requirements for traditional CIUs are set out in detail in B6, below. A number of new types of collective investment funds, known as alternative funds, have been growing in popularity. They engage in types of investing that carry a much higher risk than the traditional CIU.35 Hedge funds, funds of hedge funds, equity funds, and venture capital funds invest in start-up companies, newly public companies, derivatives, commodities, high-yield loans, and other high-risk investments. In addition, the common valuation and reporting of traditional CIUs may not be required for alternative investment funds. In regard to these alternative investment funds, intermediaries, advisers, and CIUs should disclose the following to clients:

• Any high-risk strategies used in connection with the investment fund
• The illiquid nature of the assets held
• The limited disclosure and reporting of the funds
• The difficulty in valuing the assets held
• The higher fees associated with such investments
• The limitations on withdrawal of money from the investment fund

Moreover, new financial mechanisms, such as P2P lending and crowd-source funding, are being developed to expand the financial sector.36 Depending on how these programs are structured and developed, they may be considered securities by the authority. Sellers of these products must disclose the risks involved in investing in them and the possibility of default. Due to the new and developing nature of these products, international standards are still being developed.

B5: DISCLOSURE OF CONFLICTS OF INTEREST

a. An intermediary, adviser, or CIU should disclose to potential clients and clients all material conflicts of interest that it and all service providers have with the client.
b. An intermediary, adviser, or CIU should actively manage any conflicts that it and all service providers have with clients and should disclose the manner in which the conflicts are being managed.
c. If an intermediary, adviser, or CIU delegates or outsources any of its functions or activities to another person, it should determine whether, under the circumstances, such delegation or outsourcing should be disclosed to potential clients and clients.

Explanatory Notes

An intermediary, adviser, or CIU should disclose to a client all material37 conflicts that it has with the client, as well as all material conflicts that all service providers for clients, such as banks, custodians, advisers, intermediaries, or other entities, have with the client.38 This is the most commonly used method of dealing with conflicts.39 Since intermediaries have superior market information due to their relations with their clients, conflicts can arise from the intermediary’s proprietary trading to the disadvantage of a client, or giving exaggerated solicitation or sales of securities underwritten by the intermediary.40 For example, an adviser should disclose to a client if it is also licensed in another capacity and whether the adviser deals with the client’s account in the second licensed capacity, either by acting as a principal in transactions with the client or by earning fees and commissions for the work in the second capacity, which could result in higher fees than would be charged by an independent entity. Similarly, analysts for intermediaries that make a market in a stock being analyzed and recommended should disclose the market making.41 An asset manager of a CIU should disclose if it has arrangements with brokers for the CIU that could result in higher brokerage fees for the CIU than could be obtained from a broker without such an arrangement. One example of this is a “soft money” arrangement, in which a broker provides free market research to a CIU’s manager in exchange for the CIU’s use of the broker to conduct transactions.42 In addition, a CIU should disclose if the CIU permits frequent trading of units in the CIU for certain customers. In the mutual funds scandal in the United States in the early 2000s, favored large customers in certain funds were allowed to engage in frequent trading in and out of the funds, at other than published times, to the disadvantage of other customers.

In addition, the way in which an intermediary, adviser, or CIU is managing a conflict should be disclosed, to allow clients to decide whether to begin or continue as a client. If an intermediary, adviser, or CIU determines that the conflict is not manageable, it should inform the client that it must decline to act on behalf of the client in the areas subject to the conflict.

In order for consumers to evaluate the services being offered to them, there should be full transparency with regard to the identity of the market institutions that will provide services that can have an impact on their accounts. Most firms surveyed by IOSCO inform clients that they use external service providers, although many firms do not inform clients that their data may be transmitted to others.43 Such disclosure would enable consumers to do an independent review of the service providers and determine if they are appropriate for the consumer and if, to the consumer’s knowledge, there are any conflicts with the service providers. To date, however, it is not general practice to mandate such disclosure by law, and firms are merely advised to consider if it is appropriate to notify clients that customer data may be transmitted to a service provider in light of the circumstances and applicable law.44

B6: KEY FACTS STATEMENTS FOR CIUs

a. The authority should require that an intermediary, adviser, or CIU provide a KFS for each CIU that it is offering or has sold to a consumer that succinctly explains the CIU in clear language and in a format that is easily comparable with other CIUs.
b. The key facts to be disclosed are material facts that are important to a consumer’s decision to invest, such as the following:
   i. Investment objectives and strategy
   ii. Risk profile
   iii. Pricing of purchases and sales of interests in the CIU
   iv. Redemption and withdrawal rights
   v. Fees and costs
   vi. Conflicts of interest
   vii. Key rights of a consumer, including the complaint procedure
   viii. A fair and honest description of the performance of the CIU or investments over several different periods of time that accurately reflect overall performance
c. The intermediary, adviser, or CIU should disclose that the KFS does not contain all required disclosures, which can be found in the full prospectus or other primary disclosure document that is required by law to be delivered to the consumer.

Explanatory Notes

A consensus has developed that the prospectus that CIUs must give to consumers is too complex and lengthy to convey to a consumer the key information about a CIU in an understandable form. As a result, many jurisdictions have implemented regulations that call for a simpler disclosure document, referred to in different countries by different names, such as a KFS, summary prospectus, or short-form product disclosure statement. The KFS is shorter than a short form or summary prospectus and is intended to be one to two pages in length, although some KFSs might extend to three or four pages.

To date, the use of KFSs in the securities sector has generally been limited to CIUs.45 However, some jurisdictions, such as Germany, have begun implementing a general requirement that when a financial instrument is recommended to a consumer, the consumer must be given a product information sheet explaining the financial instrument.46 Financial products similar to CIUs in other financial subsectors, such as index-linked insurance policies, have also been considered appropriate for KFS.47 These products, known as PRIIPS (packaged retail and insurance-based investment products), are required to have a KFS in some jurisdictions, such as in the European Union, but are outside of the scope of this review of the securities sector.

The content of a KFS covers the most important facts related to the CIU, such as investment strategy, commissions, other fees, performance, and risk warnings. This information is presented in a standardized format prescribed by the authority so that consumers can easily compare CIUs to evaluate their goals and costs. The standard format should be prepared jointly between the authority and the industry and undergo consumer testing to make sure that it conveys the relevant information effectively. Consumer testing helps determine the format that is most useful, such as the positioning of information on the KFS, the different types of graphic displays, and the specific issues that need to be highlighted. The KFS can be a stand-alone document or attached to or layered into (that is, made a detachable part of) the prospectus or other primary disclosure document. Table 3, derived from IOSCO’s Principles on Point of Sales Disclosure, lays out the contents of a KFS.48

To avoid “cherry-picking” the best performance periods for a CIU, performance should be given for several event-neutral periods of time, letting a consumer evaluate the CIU over short and long holding periods, such as one-, five-, or 10-year periods.

The ability of favored clients to engage in frequent trading in a CIU can have an effect on long-term clients. A CIU’s policies regarding such practices and the attendant risks would have an impact on a consumer’s decision to invest and should be disclosed to consumers in the KFS.

Inducements paid to a CIU or adviser to use market services, such as brokerage services, sometimes referred to as “soft-money” payments, could create a conflict of interest and affect the ability of the CIU or adviser to give impartial investment advice. Such relationships should be disclosed to consumers in the KFS, enabling them to fully evaluate the services of the CIU or adviser.

TABLE 3: Contents of a KFS for Collective Investment Schemes

SUBJECT TO BE DISCLOSED | ELEMENTS
Information about the CIU | Name and license of CIU; Name and license of asset manager and employees; Name and license of key service providers
Investment characteristics of CIU | Investment objectives and strategy; Information on underlying investments or reference asset; Risks of investment; Past performance; Nature of any guarantees offered; Summary of tax implications on performance and distribution
Operational characteristics of CIU | Time when prices of purchases and sales of interests in the CIU are determined and where prices can be obtained; Methods of valuation—net asset value; Fees and costs
Consumer rights in the CIU | Redemption, distribution, and withdrawal rights and procedures; Existence of customer protection scheme
Consumer complaints regarding the CIU | Internal procedure for handling complaints and dispute resolution; External dispute resolution mechanisms
Conflicts of interests between CIU and consumer | Disclosure of conflicts of interest; The CIU’s policies with regard to frequent trading; Inducements that it receives, such as “soft-money” arrangements; Disclosure of resolution of conflicts
Key information on intermediary | Name and license; Compensation and fees; Conflicts of interest

B7: CONTRACT NOTES

a. Clients should receive a contract note from an intermediary, an adviser who conducts trades, or a CIU containing and confirming the characteristics of each trade executed with them or on their behalf.
b. The contract note should disclose the following characteristics of the trade:
   i. The volume of securities traded
   ii. The price at which the trade(s) were executed
   iii. The commission received by the intermediary, adviser, CIU, and their sales representatives
   iv. The total expense ratio (expressed as total expenses as a percentage of total assets purchased)
   v. The trading venue where the transaction took place
   vi. Whether the trade was broker or client initiated
   vii. Whether the intermediary, adviser, or CIU for the transaction
      1. Acted as a broker in the transaction,
      2. Acted as a dealer in the transaction—that is, the counterparty to its customer—or
      3. The trade was conducted internally between its clients.
c. Clients should receive the note immediately after the execution of the transaction.

Explanatory Notes

Customers should have immediate information about the terms of any transactions in their accounts. This enables customers to verify that the transaction was executed pursuant to the authorization given by the customer. This information must be sent on the day the transaction was completed, even if that is before the settlement day. Waiting for such information for a long period of time reduces the ability of the customer, intermediary, adviser, or CIU to correct any mistakes in the transaction.

B8: STATEMENTS

a. A client should receive periodic statements for each account with an intermediary, adviser, or CIU that provide the complete details of account activity.
The intermediaries, advisers, and CIUs should
   i. Prepare the periodic statements at least once a year for inactive accounts and quarterly for accounts that have a transaction during the quarter;
   ii. Make timely delivery of the periodic statements;
   iii. Provide a procedure for clients to dispute the accuracy of the transactions recorded in the statement within a stipulated period; and
   iv. When a client signs up for paperless statements, provide such statements in an easy-to-read and readily understandable format.
b. The information in the account statement should, at a minimum, contain the following:
   i. The account balance
   ii. All holdings in the account, including number of shares and value
   iii. All transactions in the account, including purchase and sale price
   iv. All commissions, charges, transaction taxes, and fees against the account in the relevant time period
   v. All dividends and interest earned on securities in the account
c. If an adviser who provides only investment advice to customers also holds client assets, the client statements should be prepared by and sent from the custodian for the assets and not from the adviser itself.

Explanatory Notes

As Principle 31 of the IOSCO Principles of Securities Regulation sets forth,49 an intermediary should promptly, and at regular intervals, provide customers with a report regarding their accounts, including, as appropriate, information about holdings, transactions, and balances. Issuing regular statements on a periodic basis has been generally accepted as one of the best means to provide customers with this information. Good practice is that the statements should be sent out at least once a year, and more frequently depending on the activity in the account—for example, a statement should be sent in any quarter in which a transaction takes place.50 If the customer has agreed to delivery of paperless statements, the statements must be available at least as frequently as paper statements, although often they are more frequent. Account statements provide one of the best mechanisms to ensure safekeeping of client assets.51 If the statements do not reconcile with the customer’s records, efforts can be taken to determine the true status of the assets in the account. If assets are missing, action can be taken to recover the assets or seek compensation.

Customers should have confidence that the information that an adviser is giving them is accurate. Consequently, if the adviser manages customer assets, the account statements for the customer accounts should be sent directly from the custodian of the funds to the clients to avoid the possibility of incorrect information being given to clients by an adviser.

C: FAIR TREATMENT AND BUSINESS CONDUCT

C1: UNFAIR TERMS AND CONDITIONS

a. The securities laws and regulations should prohibit the use of unfair terms and conditions in the contract between a client and an intermediary, adviser, or CIU. For example, a contract should not
   i. Contain provisions that provide for fees, markups, or commissions that are excessive in light of market practice;
   ii. Require deposits, margin, or other advance payment that are higher than required by law or market practice; or
   iii. Require customers to maintain deposits in accounts that have excessive fees or are not protected by existing deposit insurance plans.
b. The securities laws and regulations should prohibit the use of terms and conditions that decrease or restrict the rights of clients given to them in the law. For example, other than permitted by law, a contract should not do the following:
   i. Reduce the amount of disclosure
   ii. Exclude or restrict, or seek to exclude or restrict, any legal liability or duty of care to a client
   iii. Limit damages for violations of the securities laws
   iv. Limit the venue for dispute resolution
   v. Limit priority in insolvency
   vi. Limit the ability of the customer to examine records
   vii. Limit the rights to privacy
c. Unfair terms and conditions in a contract should be void by law, and a client should be able to obtain legal redress for any damages or loss caused by the unfair terms and conditions.

Explanatory Notes

Intermediaries, advisers and CIUs should deal equitably and fairly with their clients.52 The fees and charges should not be in excess of market practice and should be fully disclosed. The market practice may vary in different jurisdictions, and what is acceptable will depend on local market conditions.

The legal regime will provide consumers with rights and protections that should always be fully available to the consumers. Due to their unequal bargaining power, some intermediaries, advisers, and CIUs may attempt to obtain an advantage in the contractual relationship with clients by inserting clauses into contracts that limit or waive the rights that clients have under the law. Such clauses may attempt to limit the damages due to fraud or negligence that can be recovered by a client, or require a client to seek redress in a venue that will be unfavorable to the client. Since such limitations or waivers would be against the public policy that gives consumers the protections in the first place, the legal regime should prohibit the waiver or modification of consumer protection provisions in relevant law.

C2: SALES PRACTICES AND DUTY OF CARE

a. Securities laws and regulations should contain clear rules on misleading and fraudulent sales practices in the solicitation, sale, and purchase of securities or investment advice. Intermediaries, advisers, CIUs, and their sales representatives should
   i. Not use sales tactics that create undue pressure on a consumer to invest;
   ii. Not engage in misrepresentations and half-truths regarding products being sold or purchased;
   iii. Fully disclose the risks of investing in a security or following investment advice being sold;
   iv. Not downplay or dismiss warnings or cautionary statements in written sales literature; and
   v. Not recommend the purchase and sale of securities solely to obtain fees and without a sound basis for the recommendation.
b. Securities laws and regulations should contain a legally enforceable duty of due skill, care, and diligence for intermediaries, advisers, and CIUs that sets forth a standard of care that must be used in dealings with consumers and can be used by consumers to seek redress for intermediaries, advisers, or CIUs’ misconduct and violation of the consumer protection laws and regulations.

Explanatory Notes

The obligation to deal fairly and honestly with consumers includes the obligation to use sales practices that do not unduly pressure consumers to make investment decisions. Consumers are frequently cold-called in hours outside the normal business day and bombarded with urgent pitches to buy or sell securities immediately. In addition, the following persuasive techniques are used:

• Promising unrealistic or exaggerated returns and guaranteed results
• Pretending to be an expert or from a legitimate business or government agency that gives the salesperson and his or her company special insights or authority
• Telling people that regulatory information or sales warnings should be ignored
• Creating the illusion that other members of one’s community are also investing, also known as “affinity fraud”
• Creating a false sense of urgency by claiming that the supply or time to make the transaction is limited53

The authority can implement solutions to combat such tactics. For example, regulations can provide that telephone sales calls should be made only within specific hours and that consumers should have the right to be on a no-call list. The EU Directive on Distance Marketing54 provides a European standard for regulating distance marketing, requiring that consumers must consent or at least not object to unsolicited communications. This can be accomplished by a no-call list. Registered intermediaries, advisers, and CIUs can also be required to electronically record all of their employees’ phone calls with potential and existing clients, so that the authority can review them during an examination to determine if there has been mis-selling.

In addition to the securities laws, some countries have separate, general laws on advertising that would apply to the sales practices of intermediaries, advisers, and CIUs when they engage in sales activity by phone.55 These laws should be viewed as an integral part of the consumer protection laws for the securities sector.

A number of investment schemes target retail consumers, including pyramid schemes; high-yield investment programs, particularly to invest in foreign stocks; “pump and dump” schemes that inflate the value of worthless small-cap stocks through misinformation and market manipulation; fraudulent offerings of unregistered securities, where proceeds are used for purposes other than stated in the offering information; and foreign exchange schemes offering non-existent trades in foreign currency.56 The securities laws should clearly prohibit these schemes, so that the authority can take action to prosecute the violators.

The authority and SROs can provide specialized training and information programs to warn consumers of these sales tactics. In addition, information regarding fraudulent sales practices should be part of a more general financial literacy campaign.

The legal framework should contain provisions that establish a duty of due care, skill, and diligence for the intermediaries, advisers, and CIUs that deal with consumers. In addition, the legal framework must establish a legal standard of care that can be used to evaluate the actions of intermediaries, advisers, and CIUs to determine if they have fulfilled their duty of skill and care and that clients can use to establish whether the intermediaries, advisers, and CIUs have breached that standard when dealing with the clients, causing losses to the clients. Consumers should be able to use the civil courts or non-judicial dispute resolution mechanisms to obtain redress in the event of a failure to fulfill the duty of due care, skill and diligence or misconduct by an intermediary, adviser, or CIU.

C3: PRODUCT SUITABILITY

a. Before providing a product or service to a consumer, an intermediary, adviser, or CIU should obtain, record, and retain sufficient information to enable it to form a professional view of the consumer’s background, financial condition, investment experience, and attitude toward risk in order to provide a recommendation, product, or service appropriate to that consumer.
b. An intermediary, adviser, or CIU, taking into account the facts disclosed by a client and other relevant facts about that client of which it is aware, should ensure that any security, investment product, or financial service recommended to the client is suitable for the client.
Explanatory Notes

Intermediaries, advisers, and CIUs should obtain sufficient information from their clients so that they can deal with their clients in a manner appropriate to their circumstances.57 Clients should be honest with licensed persons regarding their investment knowledge and experience. Based on that information, licensed persons should determine what investments are suitable for the client and avoid recommending securities that do not meet the client’s financial sophistication, investment objectives, or risk tolerance.

Approaches differ with regard to unsolicited orders, in which a client initiates an order and there is no recommendation by the intermediary, adviser, or CIU to purchase the security that is the subject of the order.58 In Europe, Directive 2004/39/EC on Markets in Financial Instruments (EU MiFID I) requires that if a client makes an unsolicited order for an investment that is not suitable for the client, the licensed person should inform the client and explain why the investment is unsuitable. Directive 2014/65/EU on Markets in Financial Instruments (EU MiFID II) extends such a warning to all products or services that are offered or demanded.59 On the other hand, in the United States, the licensed person is required to determine suitability only when a recommendation is made.60 This appears to have been the most commonly used approach to suitability.61

The suitability of an investment for a customer will be different for different types of financial instruments. For example, complex financial products such as hedge funds, derivatives, and structured products will be more suitable for clients with extensive experience in investing and knowledge of the markets.62

C4: CUSTOMER MOBILITY

a. When clients request the payment of funds in their account, or the transfer of funds and assets to another intermediary, adviser, or CIU
i. The payment or transfer should be made promptly and within no more than three days after the settlement of any outstanding transactions;
ii. The closing/transfer costs should be supervised by the authority to ensure that such costs are not unreasonably excessive; and
iii. The procedures for closing should be clear and easy to complete.
b. An intermediary, adviser, or CIU should disclose any circumstances in which payment may be delayed, such as the difficulty in selling a security due to its illiquid nature.

Explanatory Notes

Clients may need immediate access to their funds in order to meet other financial and personal obligations. The delay in payment of account balances or the closing of accounts reduces confidence and the perception of the integrity of the securities markets. Consequently, a quick and administratively simple procedure for such transfers should be facilitated by securities laws and regulations.63 If the nature of an investment would limit the ability to make a quick transfer, such as the illiquidity of an investment, this should be fully disclosed to clients prior to entering into the contract and making the investment.

C5: SEGREGATION OF FUNDS

a. Assets of a CIU should be held by a custodian and segregated from the assets of all other entities that deal with the CIU.
b. To the extent permitted by law, assets of an intermediary or adviser should be segregated pursuant to the law applicable to the safekeeping of assets.
Explanatory Notes

A consensus has developed that the assets of a CIU should be held by a custodian and segregated from the assets of all entities that deal with the CIU, including the asset manager; any other CIUs managed by the asset manager; the custodian, intermediary, and adviser for the CIU; and all other service providers for the CIU.64 The safekeeping of customer assets is one of the most important aspects of financial consumer protection. Proper segregation means that the assets will be used only for the purposes intended by the consumer. Segregation can help prevent misappropriation and the use of client assets for proprietary trading or the financing of an asset manager’s or custodian’s operations. It can also facilitate the transfer of client assets in cases of severe market disruption. Moreover, in order to protect customer assets in the event of insolvency of a CIU or its asset manager, custodian, investment adviser, intermediary and any other service provider for the CIU, customer assets should be segregated from the assets of such entities in such a manner that the assets are excluded from being a part of their estate in the event of insolvency or receivership.

Customer assets held by intermediaries and advisers are segregated based on the nature of the security or instrument. Fully owned securities, margin securities, derivatives, and cash are all handled differently based on the law related to such financial instruments in the jurisdiction in which they are held. Intermediaries and advisers should hold and segregate assets in the manner described, and to the full extent permitted, by local law.65

C6: MISUSE AND MISAPPROPRIATION OF CUSTOMER ASSETS

a. Intermediaries, advisers, and CIUs should be liable to customers for any misuse or misappropriation of their assets, including misuse or misappropriation by employees, agents, contractors, and service providers.
b. An intermediary, adviser, or CIU should be required to put in place internal controls and supervisory procedures to prevent misuse or misappropriation of customer assets.

Explanatory Notes

Intermediaries, advisers, and CIUs have the highest moral and legal duty to hold and safeguard their clients’ assets securely. The misuse or misappropriation of client assets can result in devastating financial consequences for clients and their ability to fund their families’ current necessities and retirement. The safekeeping of these assets is critical not just to the clients, but also to the health of the securities market. Large losses of assets due to misappropriation can result in a loss of confidence in the securities market and reduced participation. As stated in IOSCO Methodology for Assessing Principles, one of the basic purposes of the oversight and supervision of intermediaries is to prevent this possible misuse.66

Safekeeping can be done by placing the client assets with a custodian or other entity authorized by local law, but it is also important that internal controls be put in place at intermediaries, advisers, and CIUs to monitor client funds and detect any misuse. Internal controls should be the first mechanism to detect misuse and provide the quickest way to prevent, stop, and remedy violations.

Another method of preventing misuse and misappropriation is to give customers electronic access to their accounts, so that they can verify the contents of the accounts. Different countries have developed ways for clients to monitor their accounts for evidence of misuse. In countries with Internet accounts, customers can verify their account status on a daily basis. For example, in Indonesia, clients are able to monitor the status of their accounts through the use of the Central Depository’s AKSes facility on the Internet and through the use of a magnetic card that can be used at specified terminals around the country.67

C7: AGENTS AND INTERMEDIARIES

a. Intermediaries, advisers, and CIUs should be required under the regulatory system to have a compliance function in place to supervise, monitor, and provide training for persons acting as their agents, representatives, intermediaries, or contractors.
b. Intermediaries should be subject to regulatory administrative sanctions for failure to carry out their supervisory duties.
c. Intermediaries, advisers, and CIUs should be liable, as provided for under the civil and securities law, in judicial and non-judicial dispute resolution proceedings, to their clients for any loss or damage caused by their actions or the actions of persons acting on their behalf as their agents, representatives, intermediaries, or contractors, regardless of the legal character of their relationship.
d. Persons acting on behalf of intermediaries, advisers, and CIUs as their agents, representatives, intermediaries, or contractors, regardless of the legal character of their relationship, should be separately liable, as provided for under the civil and securities law, in judicial and non-judicial dispute resolution proceedings, to clients for any loss or damage caused by their actions.

Explanatory Notes

Securities laws should require an intermediary, adviser, or CIU to put in place a compliance function that effectively supervises all of the salespersons employed by it or by its agents, representatives, intermediaries, or contractors, no matter the nature of the legal relationship between the intermediary, adviser, or CIU and the salespersons of the agents, representatives, intermediaries, or contractors. Principle 31 of the IOSCO Methodology for Assessing Principles recognizes that this is a particular problem for derivatives markets intermediaries.68 The supervisory system should provide for training in the operation of the securities markets, in all relevant government regulations and SRO rules, and in the characteristics of the financial instruments and investment advice being given, so that the salespeople can competently handle client accounts.

In addition, intermediaries, advisers, and CIUs should monitor the activity of salespeople and conduct periodic reviews of each salesperson’s activities. The authority should be able to bring administrative sanctions for the failure to conduct such supervision.

In order for the consumer protection provisions of securities laws and regulations to be effective, they should provide for the liability of intermediaries, advisers, and CIUs in actions brought by a client against them in civil courts and alternative dispute venues for any losses suffered by the clients for their own misconduct. Such actions could be based on breach of fiduciary duty, tortious conduct, breach of contract, violation of the securities laws, or any other causes of action provided for in the law.

In addition, intermediaries, advisers, and CIUs should be liable, in regulatory proceedings, civil proceedings, and alternative dispute venues, for the misconduct of their sales agents, since the intermediaries, advisers, and CIUs are responsible for supervising them. The relationship between an intermediary, adviser, or CIU and its salespeople is frequently structured to avoid such liability by making salespeople independent contractors, representatives, or agents. However, liability should exist irrespective of their legal relationship.

The sales agents themselves should also be liable in their own capacity to clients, as provided for in the law, for their conduct resulting in losses to clients. This would be particularly important in instances where the intermediary, adviser, or CIU becomes insolvent or is placed into receivership as a result of its conduct in violation of the law.

C8: COMPENSATION OF STAFF, AGENTS, AND INTERMEDIARIES

a. The authority should require that an intermediary, adviser, or CIU put in place a general remuneration structure that encourages compliance with the consumer protection legal regime. The compensation system should ensure that compensation is aligned effectively with prudent risk-taking.
b. Intermediaries, advisers, and CIUs should establish and implement a remuneration policy that specifically encourages salespersons to comply with the consumer protection provisions set out in their internal compliance system and in the law.

Explanatory Notes

A basic principle of consumer protection is that the incentives for salespeople of intermediaries, advisers, and CIUs should be aligned with the interest of the clients. One of the key reasons for misconduct by salespeople is that the remuneration structure encourages mis-selling in order to obtain higher pay. Compensation systems in which the payout is short-term (that is, based on volume of sales) can result in a situation in which the salesperson does not have to suffer the consequences of improper or high-risk sales and therefore has an incentive to sell high-risk financial instruments that are unsuitable for, or detrimental to, the interests of the consumer in the long run.69 Principle 8 of the IOSCO Methodology for Assessing Principles emphasizes that this is a particular problem where there is an active securitization market.70

In order to create proper alignment, the incentives for salespeople should be balanced with the risks that are related to the financial products. For example, the use of claw-back provisions and deferred compensation, as well as limiting bonuses, can reduce the incentive to sell risky products, since future difficulties with the products can result in reduced compensation.

C9: CUSTOMER RECORDS

a. An intermediary, adviser, or CIU should maintain up-to-date client records that are complete and readily accessible.
b. The records should contain at least the following:
i. A copy of all documents required for client identification, contact, and profile
ii. All contract notices and periodic statements provided to each client
iii. Details of all information provided to each client in relation to the advice, products, and services provided to the client
iv. All correspondence with each client
v. Copies of all original documents submitted by each client in support of an application for the provision of advice, products, or services
vi. All other information concerning each client that the intermediary or CIU is required to keep by law
vii. All other information that the intermediary or CIU obtains regarding clients
c. All records should be readily accessible to the authority and the client on request.
d. Details of individual transactions should be retained for a reasonable number of years after the date of the transaction, but no less than five years. Similarly, all other records required under clauses C9(b)i–vii, above, should also be retained for a reasonable number of years from the date on which the relationship with the client ends, but no less than five years.

Explanatory Notes

The maintenance of books and records is vital to the proper regulation of intermediaries, advisers, and CIUs, since they facilitate the authority’s review of their proprietary accounts, in addition to the review of activity in individual customer accounts.71 The authority depends on the records when conducting its on-site and off-site audits of licensed persons. Without these records, the regulatory system would be ineffective and customer protection would be minimized. In addition, intermediaries, advisers, and CIUs depend on the records for their business management. Similarly, clients depend on these records to verify transactions in their accounts for tax purposes, dispute resolution, and personal financial planning.

The amount of time that the records are kept varies from country to country. Latvia has a minimum period of 10 years, Croatia and Indonesia have a minimum of five years, while the United States breaks down the retention period depending on the type of document: confirmations and statements need to be kept for only three years, while blotters and ledgers of transactions must be kept six years.

D: DATA PROTECTION AND PRIVACY72

D1: LAWFUL COLLECTION AND USAGE OF CUSTOMER DATA

a. Intermediaries, advisers, and CIUs should be allowed to collect customers’ data within the limits established by law or regulation and, where applicable, with the customer’s consent.
b. The law or regulation should ensure that intermediaries, advisers, and CIUs use data legally, within the limit legally established in relation to the consumers’ consent, and should, at a minimum, establish clearly
i. How data can be lawfully collected by intermediaries, advisers, and CIUs;
ii. How data can be lawfully retained;
iii. For which purposes data can be collected; and
iv. Which types of data can be collected.
c. The law or regulation should provide the minimum period for retaining all customer records and, throughout this period, the customer should be provided ready access to such records for a reasonable cost.
d. For data collected and retained by intermediaries, advisers, and CIUs, intermediaries, advisers, and CIUs should be required to comply with data privacy and confidentiality requirements that limit the use of consumer data exclusively to the purposes specified at the time the data was collected, or as permitted by law or otherwise specifically agreed with the consumer.
Explanatory Notes

Consumers have a right to financial privacy and to be free from unwarranted intrusions into their privacy.73 Because intermediaries, advisers, and CIUs are required to know their customers, securities markets professionals often have some of the largest sources of information regarding the financial situation of their customers, including personal information, contact details, consumer agreements, transaction logs, passwords, and so forth. Given the potential for abuse and misuse of such information, it is essential that this type of collection be regulated to avoid the risk of potential harm for consumers. For example, intermediaries, advisers, and CIUs may otherwise collect sensitive data and use it for unfit purposes that may harm consumers—for example, selling them products at higher prices. The various reasons for ensuring privacy and data protection include:

• The sensitivity of the personal information held and used in securities products
• The extensive information flows that take place, such as between providers and intermediaries and between members of a corporate group that includes one or more financial service providers
• The ever-increasing likelihood of information being received and held electronically, with a corresponding increase in the risk of remote, unauthorized access
• The fact that privacy is a fundamental human right deserving of protection, as indicated in various international instruments to which many countries are signatories74

Securities markets professionals should be allowed to legally obtain, retain, and use personal data after obtaining lawful and informed consent from the consumer or on some other legitimate basis, including when related to the provision of the specific financial product or service the consumer acquired. International guidance is clear in establishing that “the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.”75 While the policies and practices regarding what constitutes lawful collection of data differ both across jurisdictions and among international guidance and principles, lawful and informed consent represents an underlying and cross-cutting theme.

Further, following the approach of treating data privacy as a human right, Convention 108 of the Council of Europe (COE Convention) establishes that data shall undergo automatic processing only for a legitimate purpose and that certain categories of sensitive data cannot be processed automatically, unless national legislation provides appropriate safeguards.76

Securities markets professionals may also have incentives to store personal information for longer than necessary. Therefore, the major international instruments also require limitations to be placed on data retention.77 For example, the COE Convention states that data must be “preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored.”78

The lawful collection of data is strictly connected to the purpose for which it was collected, and securities markets professionals should be able to use the data only for these purposes. Data should be considered legally used only if it is processed for the purpose for which it was collected. If this issue is not regulated by law or regulation, there is a risk that securities markets professionals may collect information for certain purposes for which customers may be willing to give consent but then use that same information for other purposes that may be detrimental to customers’ interests and for which the customer may not otherwise have given consent. Securities markets professionals should also be prohibited from disclosing consumer information to third parties for unauthorized uses—that is, without the consumer’s prior consent—such as for marketing purposes.

D2: CONFIDENTIALITY AND SECURITY OF CUSTOMER INFORMATION

a. Intermediaries, advisers, and CIUs should be required to implement policies and procedures to ensure confidentiality, security, and integrity of all customer data stored in their different databases.
b. Intermediaries, advisers, and CIUs should take sufficient steps to protect the confidentiality and security of a customer’s information against any anticipated threats or hazards to the security or integrity of such information, and against unauthorized access to, or use of, such information.
c. When establishing such procedures, intermediaries, advisers, and CIUs should also establish different levels of access to customers’ data for employees, depending on the role they play within the organization and the different needs they may have to access such data.
d. The legal regime should have a protocol for cyber security that must be followed by intermediaries, advisers, or CIUs to protect customer information and assets.
Explanatory Notes

Once information has been lawfully collected, it is very important that intermediaries, advisers, and CIUs have an obligation to keep the financial information of their clients secure from unwarranted access by persons inside and outside their organization, as well as from any threats or hazards to data security or integrity. Over the last several years, the vulnerability of financial institutions to cyber attacks on electronically held data and operations of intermediaries, advisers and CIUs has become a paramount problem.79 Intermediaries, advisers, and CIUs must have in place sufficient safeguards to ensure that customer funds and activity are safe and secure. The authority, in cooperation with the securities industry, should develop effective protocols and procedures to protect against cyber attacks.

D3: SHARING CUSTOMERS’ INFORMATION

a. The law should prevent intermediaries, advisers, and CIUs from sharing customer account or personal information with any unaffiliated party for marketing purposes, such as telemarketing or direct mail marketing, without the customer’s prior written consent.
b. The law should also prevent intermediaries, advisers, and CIUs from sharing customer account or personal information with any affiliated party for marketing purposes, such as telemarketing or direct mail marketing, without the customer’s prior written consent.
c. Intermediaries, advisers, and CIUs should
i. Unless the law provides otherwise, inform a client of the situations in which they are required to share information regarding the client’s account with third parties, such as legal enquiries by a credit bureau;
ii. Explain how they use and share a client’s personal information;
iii. Explain to a client that the law prevents sharing customer account or personal information with any affiliated or unaffiliated party for marketing purposes, such as telemarketing or direct mail marketing, without the client’s prior written consent;
iv. Allow a client to stop or opt out of sharing any other non-account information and inform the client of this option before the information is transferred; and
v. Explain to clients that if they agree to opt in to information sharing, the consent is limited to the specific purpose to which they consented.
d. Specific procedures and exceptions concerning the release of customer financial records to government authorities should be stated in the law.

Explanatory Notes

Customers should be aware of how information can be shared with third parties and within the various units or subsidiaries of a financial conglomerate.80 Many of these shared uses can be beneficial for customers, but they should have the right to affirmatively state that they consent to such information sharing, and that the sharing is limited to the specific uses to which the customers consent. A customer should be able to opt out of sharing non-account related information if the customer does not find such information sharing to be useful or beneficial.

Governmental regulatory authorities have the need to obtain customer information for regulatory and law enforcement purposes. The instances in which this is permitted should be clearly stated in the law, as well as procedures for notification or situations in which notification is not required.

E: DISPUTE RESOLUTION MECHANISMS

E1: INTERNAL COMPLAINTS HANDLING

a. Intermediaries, advisers, and CIUs should be required to have an adequate structure in place as well as written policies regarding their complaints handling procedures and systems—that is, a complaints handling function or unit, with a designated member of senior management responsible for this area, to resolve complaints registered by consumers against the entity effectively, promptly, and justly.
b. Intermediaries, advisers, and CIUs should be required to comply with minimum standards with respect to their complaints handling function and procedures. These include the following:
i. Resolve a complaint within a maximum number of days, which should not be longer than the maximum period applicable to a third-party external dispute resolution mechanism. (See E2.)
ii. Make available a range of channels—telephone, fax, email, web—for submitting consumer complaints appropriate to the type of consumers served and their physical location, including offering a toll-free telephone number to the extent possible, depending on the size and complexity of the intermediary’s, adviser’s, or CIU’s operations.
iii. Widely publicize clear information on how a consumer may submit a complaint and the channels made available for that purpose, including on intermediaries’, advisers’, and CIUs’ websites, marketing and sales materials, KFSs, standard agreements, and locations where their products and services are sold, such as branches, agents, and alternative distribution channels. (See B1.)
iv. Publicize and inform consumers throughout the complaints handling process, and particularly in the final response to the consumer, regarding the availability of any existing ADR schemes. (See E2.)
v. Adequately train staff and agents who handle consumer complaints.
vi. Keep the complaints handling function independent from business units such as marketing, sales, and product design, to ensure fair and unbiased handling of the complaints, to the extent possible, depending on the size and complexity of the intermediary, adviser, or CIU.
vii. Within a short period following the date the provider receives a complaint, acknowledge receipt of the complaint in a durable medium—that is, in writing or in another form or manner that the consumer can store—and inform the consumer about the maximum period within which the provider will give a final response and by what means.
viii. Within the maximum number of days, inform the consumer in a durable medium of the intermediary’s, adviser’s, or CIU’s decision with respect to the complaint and, where applicable, explain the terms of any settlement being offered to the consumer.
ix. Keep written records of all complaints, while not requiring that the complaint itself be submitted in writing—that is, allow for oral submission.
c. Intermediaries, advisers, and CIUs should be required to maintain and make available to the supervisory authority up-to-date and detailed records of all individual complaints.
d. The complaints handling and database systems of intermediaries, advisers, and CIUs should allow the entity to report complaints statistics to the supervisory authority.
e. Intermediaries, advisers, and CIUs should be encouraged to use analysis of complaints information to continuously improve their policies, procedures, and products.

Explanatory Notes

Efficient internal procedures should be in place to handle customer complaints fairly and quickly.81 Many customer complaints come from misunderstandings or a lack of information about their accounts and can be quickly resolved within the intermediary, adviser, and CIU. Consultation conducted in good will with the customer can help the customer understand the account and result in actions that satisfy the customer.

Even contested matters can be resolved within the intermediary, adviser, or CIU. An objective internal review can verify events and facts related to an account. It is important that personnel who possess specialized training and are independent of management handle such matters. Trades incorrectly attributed to or taken from an account can be verified and corrected. Fees charged against the account can be recalculated for accuracy. Good-faith efforts by both parties can reach a quick conclusion.

For further details, see the explanatory notes for E1 in chapter 1, “Deposit and Credit Products and Services.”

E2: OUT-OF-COURT FORMAL DISPUTE RESOLUTION MECHANISMS

a. If consumers are unsatisfied with the decision resulting from the internal complaints handling at the level of the securities market professional, they should have the right to appeal, within a reasonable timeframe (for example, 90 to 180 days), to an out-of-court ADR mechanism that
i. Has powers to issue decisions on each case that are binding on the securities market professional (but not binding on the consumer);
ii. Is independent of both parties and discharges its functions impartially;
iii. Is staffed by professionals trained in the subject(s) they deal with;
iv. Has an adequate oversight structure that ensures efficient operations;
v. Is financed adequately and on a sustainable basis;
vi. Is free of charge to the consumer; and
vii. Is accessible to consumers.
b. The existence of the ADR, its contact details, and basic information relating to its procedures should be made known to consumers through a wide range of means, including when a complaint is finalized at the securities market professional’s level.
c. If the ADR has a member-based structure, all securities market professionals should be required to be members.

Explanatory Notes

In addition to the judicial system, there should be an independent and impartial ADR system for resolving disputes between clients and their intermediaries, advisers, and CIUs. Retail consumers frequently invest only small sums of money, which makes recourse to the judicial system impractical. The expense of judicial processes can render any successful claim meaningless, and judicial proceedings frequently take long periods of time before a resolution is reached. Consequently, the judicial system does not provide a practical venue for pursuing small securities market disputes.

As emphasized in the IOSCO Methodology for Assessing Principles of Securities, it is important for the legal system to provide investors with a “fair and efficient judicial system (including the alternative of arbitration or other alternative dispute resolution mechanisms).”82 In order for a method of ADR to be a respected venue for dispute resolution, it needs to be financed in a sustainable manner and staffed with experts able to evaluate cases independently. The ADR decisions must be binding on intermediaries, advisers, and CIUs and enforceable by law, to encourage consumers to use the ADR for dispute resolution and to encourage the intermediaries, advisers, and CIUs to change the behavior that is the basis for the complaint. All decisions by the ADR should be appealable to an appropriate tribunal, based on the law of the jurisdiction in which the ADR takes place.

For further details, see the explanatory notes for E2 in chapter 1, “Deposit and Credit Products and Services.”

F: GUARANTEE SCHEMES AND INSOLVENCY

F1: CLIENT PROTECTION WHEN A LICENSED PERSON FAILS

a. The law on an investors’ guarantee fund, if there is one, should require that the fund be
i. Adequately capitalized;
ii. Clear regarding the persons, funds, and financial instruments that are covered under the law;
iii. Disclosed to clients;
iv. Subject to rigorous public reporting requirements and external audits; and
v. Subject to supervision and oversight.
b. Clear provisions in the law should ensure that the authority is able to effectively supervise and take prompt corrective action on a timely basis in the event of distress at an intermediary, adviser, or CIU.
c. The legal provisions on the insolvency of intermediaries, advisers, and CIUs should provide for expeditious and equitable provisions to enable the timely payment of funds and transfer of financial instruments to clients by the insolvency trustee of an intermediary or CIU.

Explanatory Notes

Client funds should be protected in the event of the insolvency of intermediaries, advisers, and CIUs that hold client funds. The segregation of assets set forth in C5 will facilitate the identification and prompt transfer of client funds. The insolvency proceedings should provide for a fair and rapid mechanism for winding up a licensed person and making the transfer.

IOSCO Principles of Securities Regulation, Principle 32⁸³ emphasizes that an authority must have a “clear plan for dealing with the eventuality of the failure of market intermediaries.” This would apply to advisers and CIUs as well. These provisions can include restricting activity of

order for clients to make alternative arrangements for non-covered instruments, they must be aware what instruments the fund covers and the circumstances in which it will make a payout. In addition, clients must be informed that the fund does not pay for lost profits and—depending on the scope of the fund—bad advice. To avoid giving a false sense of security to clients, it is critical that the fund be sufficiently funded to handle the failure of several large intermediaries or advisers that hold client assets. Due to the large amount of assets handled by the guarantee fund, the authority must have the power to supervise and audit the fund regularly, to ensure that its actions are in compliance with applicable laws and regulations.
It is the intermediary or moving assets to another intermedi- good practice that the fund publishes an annual report ary. When the authority becomes aware of an ongoing that includes accounts and financial condition. fraud or immediate stress in an intermediary, adviser, or It should be noted that not all financial markets are CIU that puts client funds at risk, a trustee may immedi- ready for a guarantee fund, due the high cost that is born ately need to be placed in charge of the assets held by by the market participants. A relatively small amount of and under the control of the intermediary, adviser, or CIU activity on the markets would result in insufficient fees to ensure that client assets are not dissipated. The law from which the participants could support the fund. In the should give to the authority the power to take this action past, this has created underfunded schemes that were not on its own decision or on order of a competent court. able to fulfill their mandate and were forced to rely on a Where permitted by law, an investor guarantee fund government bailout. Even if established, a fund will take can provide an independent, effective mechanism for some time to build up sufficient resources to be effective. ensuring that client assets are protected.84 However, in Nonetheless, guarantee funds are used in Canada, China, Securities  165 the European Union, and the United States. In countries and are segregated from the asset manager and other where deposit guarantee funds also exist, merit can be related parties, including the custodian itself. Conse- found in having both funds under the same administrative quently, the winding up of a CIU is done pursuant to the body. In addition, guarantee funds do not generally cover authority’s regulations and procedures that should be in CIUs, since the assets of the CIU are held by a custodian place to handle such an event. NOTES 1. 
For purposes of this chapter, the term consumer is used to responsibility of regulating consumer protection in the refer to potential or existing customers or clients of securities sector. If the regulation is split between a market intermediaries, advisers, and CIUs or other potential or conduct supervisor, prudential supervisor, SRO, or other existing retail investors who are purchasers and/or sellers of governmental entity, then, unless otherwise noted, authority securities markets products and services. The term refers to the activities of the regulatory authorities as a securities is used to refer to shares in a company and other group. financial instruments equivalent to shares or other interests 6. “Responsible Finance: Financial Capability and Consumer in business entities, such as partnerships, bonds, or other Protection,” http://responsiblefinance.worldbank.org. forms of securitized debt, or any other financial instru- Good Practices for Financial Consumer Protection 7. ments, such as derivatives, giving the right to acquire or (Washington, DC: World Bank, 2012), available at http:// sell such securities. Following the International Organiza- responsiblefinance.worldbank.org/~/media/GIAWB/ tion of Securities Commission’s (IOSCO) Objectives and FL/Documents/Misc/Good-practices-for-financial- Principles of Securities Regulation, published in June 2010 consumer-protection.pdf. (IOSCO Principles of Securities Regulation), the words 8. For purposes of this section, unless otherwise specified, securities markets are used, where the context permits, to person means a natural or legal person. refer compendiously to the various market sectors, including reference to the derivatives markets. 9. G20 High-Level Principles on Financial Consumer Protection (OECD, 2011), Principle 1. 2. The term intermediary generally includes persons who are in the business of managing individual portfolios, executing 10. 
Emerging Markets Committee, “Guidelines to Emerging orders as brokers, dealing in, and distributing securities, Market Regulators Regarding Requirements for Minimum and it can include other registered entities that are Entry and Continuous Risk-Based Supervision of Market authorized to engage in such activities, such as banks. A Intermediaries, Final Report” (IOSCO, December 2009); jurisdiction could give an intermediary the authority to Directive 2004/39/EC of the European Parliament and of conduct other activities, such as securities underwriting. the Council of 21 April 2004 on Markets in Financial See “Methodology for Assessing Implementation of the Instruments Amending Council Directives 85/611/EEC and IOSCO Objectives and Principles of Securities Regulation,” 93/6/EEC and Directive 2000/12/EC of the European FR08/11 (IOSCO, September 2011), revised August 2013 Parliament and of the Council and Repealing Council (IOSCO Methodology for Assessing Principles). An issuer of Directive 93/22/EEC (EU MiFID I), Article 5; Directive securities would be an intermediary for the purposes of 2014/65/EU of the European Parliament and of the Council these GPs if it distributes its own securities. of 15 May 2014 on Markets in Financial Instruments and Amending Directive 2002/92/EC and Directive 2011/61/EU 3. Advisers are principally engaged in the business of (EU MiFID II), Article 5; and the US FINRA Manual (Financial advising others regarding the value of securities or the Industry Regulatory Authority), maintaining NASD Rules advisability of investing in, purchasing, or selling securities. 1030–1032. A jurisdiction can permit an adviser to engage in other activities, such as holding client assets. In some jurisdic- 11. EU MiFID II, Paragraph 70. tions, advisers may be required to obtain a license as an 12. IOSCO Methodology for Assessing Principles, Principle 29. intermediary. See IOSCO Methodology for Assessing 13. 
Principle 2 states that independence implies (a) a regulator Principles. that operates independently of sectoral interest and (b) the 4. Collective investment undertaking (CIU) means an entity ability to undertake regulatory measures and enforcement that is or holds itself out as being engaged primarily, or actions without external (political or commercial) interfer- proposes to engage primarily, in the business of investing, ence. reinvesting, or trading in securities. The CIU can take 14. G20 High-Level Principles on Financial Consumer different legal forms, such as a corporation, partnership, Protection, Principle 2. trust, or legally recognized corpus of assets. Units or shares 15. G20 High-Level Principles on Financial Consumer in a CIU are considered to be securities for the purpose of Protection, Principle 1. these GPs. CIUs are both self-managed and managed by 16. Pascal Franz and Norvald Instefjord, “Rules v. Principles asset managers. For the purposes of these GPs, the term Based Financial Regulation” (SSRN, November 25, 2014). CIU will encompass both the CIU in whatever legal form it takes and its asset manager. Many jurisdictions also permit 17. “Principles-Based Regulation: Focusing on the Outcomes the creation of CIUs for the investment in other assets, such That Matter” (UK Financial Services Authority, April 2007). as real estate and commodities. 18. IOSCO Methodology for Assessing Principles, Principle 10. 5. For purposes of this chapter, the term authority is used to 19. Emerging Markets Committee, “Guidelines to Emerging refer generally to the primary institutions that are given the Market Regulators.” 166   Good Practices for Financial Consumer Protection 20. IOSCO Methodology for Assessing Principles, Principle 10. 38. IOSCO Methodology for Assessing Principles, Principle 8, 21. IOSCO Methodology for Assessing Principles, Principle 11, Key Issue 2, and Principle 31, Key Question 6. and “Credible Deterrence in the Enforcement of Securities 39. 
“Guidelines for the Regulation of Conflicts of Interest Regulation” (IOSCO, June 2015), 29. Facing Market Intermediaries, Final Report” (IOSCO, 22. Directive 2003/6/EC of the European Parliament and of the November 2010), 12. Council of 28 January 2003 on Insider Dealing and Market 40. “Guidelines for the Regulation of Conflicts of Interest,” 15. Manipulation (Market Abuse), Article 23, and Directive 41. “IOSCO Statement of Principles for Addressing Sell-Side 2014/57/EU of the European Parliament and of the Council Securities Analyst Conflicts of Interest” (IOSCO, September of 16 April 2014 on Criminal Sanctions for Market Abuse 2003), 5 and 9. (Market Abuse Directive). 42. “Conflicts of Interests of CIS Operators” (IOSCO, May 23. SRO Consultative Committee, “Model Code of Ethics” 2000), 3 and 13. (IOSCO, June 2006). 43. “Survey Results on Outsourcing of Financial Services” 24. “Report on Investor Education Initiatives Relating to (IOSCO, February 2005), 7. Investment Services” (IOSCO, February 2013) and “Study 44. “Principles on Outsourcing of Financial Services for Market Regarding Financial Literacy among Investors as Required Intermediaries” (IOSCO, February 2005), 11. by Section 917 of the Dodd-Frank Wall Street Reform and 45. “Principles on Point of Sale Disclosure,” and Commission Consumer Protection Act” (US Securities and Exchange Regulation (EU) No 583/2010 of 1 July 2010 Implementing Commission, August 2012). Directive 2009/65/EC of the European Parliament and of 25. “Principles on Point of Sale Disclosure, Final Report” the Council as Regards Key Investor Information and (IOSCO, February 2011), chapter 5A, 22. Conditions to Be Met When Providing Key Investor 26. “Principles on Point of Sale Disclosure,” chapter 4E, 19, Information or the Prospectus in a Durable Medium Other and IOSCO Methodology for Assessing Principles, Than Paper or by Means of a Website. The discussion Principle 31, Key Issue 11(h), and Principle 26, Key Issue 6. 
regarding use of KFSs in this chapter is limited to CIUs, 27. “Principles on Point of Sale Disclosure,” Principle 5. since there is no consensus about their use for all issuers. 28. US FINRA, Rule 2210. 46. Circular 4/2013 (WA) (Federal Financial Supervisory 29. “Master Circular for Mutual Funds” (Securities and Authority [BaFin], Germany, 2013): Interpretation of Exchange Board of India, 2011), chapter 13, “Advertise- statutory requirements for preparation of information ments.” sheets pursuant to sections 31(3a) WpHG, 5a WpDVerOV. 30. For example, Latvian Law on Advertising, as amended, 47. “Regulation (EU) No. 1286/2014 of the European 2014. Parliament and of the Council of 26 November 2014 on Key Information Documents for Packaged Retail and 31. IOSCO Methodology for Assessing Principles, Principle 31 Insurance-Based Investment Products (PRIIPs).” Key Issue 11(c). 48. See also The Joint Forum, “Customer Suitability in the 32. G20 High-Level Principles on Financial Consumer Retail Sale of Financial Products and Services” (Bank for Protection, Principle 4; IOSCO Methodology for Assessing International Settlements, April 2008) and other sources in Principles, Principle 31 for Intermediaries, Key Issues 8(e). section B8 in appendix 1. 33. “OTC Markets and Derivatives Trading in Emerging 49. IOSCO Methodology for Assessing Principles, Principle 31, Markets, Final Report” (IOSCO, July 2010). Key Issue 11(f). 34. “Suitability Requirements with Respect to the Distribution 50. IOSCO Methodology for Assessing Principles, Principle 31, of Complex Financial Products, Final Report” (IOSCO, Key Question 16. January 2013), where complex financial instruments are broadly defined and include, among other instruments, 51. “Recommendations Regarding the Protection of Client credit-linked notes, asset-backed securities, and swap Assets, Final Report” (IOSCO, January 2014). contracts; and “Report on the IOSCO Survey on Retail 52. 
G20 High-Level Principles on Financial Consumer OTC Leveraged Products,” FR14/2016, (IOSCO, December Protection, Principle 3. 2016). See also G20 High-Level Principles on Financial 53. “Survey on Anti-Fraud Messaging, Final Report” (IOSCO, Consumer Protection, Principle 4. May 2015). 35. Directive 2011/61/EU of the European Parliament and of 54. Directive 2002/65/EC of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund the Council of 23 September 2002 Concerning the Managers and Amending Directives 2003/41/EC and Distance Marketing of Consumer Financial Services and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) Amending Council Directive 90/619/EEC and Directives No 1095/2010, and “Regulatory and Investor Protection 97/7/EC and 98/27/EC. Issues Arising from the Participation by Retail Investors in 55. For example, Latvian Law on Advertising, as amended, (Funds-of) Hedge Funds” (IOSCO, February 2003). 2014. 36. Eleanor Kirby and Shane Worner, “Crowd-Funding, An 56. “Survey on Anti-Fraud Messaging.” Infant Industry Growing Fast,” Staff Working Paper 57. IOSCO Methodology for Assessing Principles, Principle 26, SEP3/2014 (IOSCO, 2014). This paper does not necessarily regarding suitability for CIUs, and Principle 31 for reflect the views of IOSCO or its members. intermediaries, Key Issue 8(b); G20 High-Level Principles on 37. The determination of which conflicts are material and in Financial Consumer Protection, Principle 4; US FINRA, Rule need of disclosure will depend on the circumstances of the 2111; EU MiFID I, Article 19; and EU MiFID II, Article 25. relationship and the nature of the local securities markets. 58. The Joint Forum, “Customer Suitability in the Retail Sale of Financial Products and Services.” Securities  167 59. EU MiFID I, Article 19, and EU MiFID, Article 25. Freedoms, Article 8 (European Court of Human Rights, 60. For example, US FINRA, Rule 2111. 
1950), available at http://www.coe.fr/eng/legaltxt/5e.htm, (c) Convention for the Protection of Individuals with Regard 61. The Joint Forum, “Customer Suitability in the Retail Sale of to the Automatic Processing of Personal Data, ETS No. 108 Financial Products and Services,” 12, paragraph 66. (Council of Europe, 1981), available at http://www.coe.fr/ 62. “Suitability Requirements with Respect to the Distribution eng/legaltxt/108e.htm, and (d) International Covenant on of Complex Financial Products,” wherein complex financial Civil and Political Rights (United Nations, 1966), available at instruments are broadly defined and include, among other http://www.hrweb.org/legal/cpr.html. instruments, credit-linked notes, asset-backed securities, 75. Guidelines Governing the Protection of Privacy and and swap contracts. Transborder Flows of Personal Data (OECD, 2013), 63. US FINRA, Rule 11870. section 7. 64. IOSCO Methodology for Assessing Principles, Principle 25. 76. Convention for the Protection of Individuals with Regard to 65. “Recommendations Regarding the Protection of Client Automatic Processing of Personal Data. Assets” and “Survey of Regimes for the Protection, 77. See, for example, the OECD Guidelines on the Protection Distribution and/or Transfer of Client Assets, Final Report” of Privacy and Transborder Flows of Personal Data, (IOSCO, March 2011). Principle 10; the UN Guidelines, Article 3; the APEC Privacy 66. IOSCO Methodology for Assessing Principles, 10. Framework, Principle III, “Collection Limitation”; and the 67. Annual Report (Indonesian Central Securities Depository, COE Convention. 2014), 86. 79. Convention for the Protection of Individuals with Regard to 68. IOSCO Methodology for Assessing Principles, Principle 31, Automatic Processing of Personal Data. Key Issue 4; Key Question 6(c). 79. Committee on Payments and Market Infrastructures, 69. 
“FSF Principles for Sound Compensation Practices” “Cyber Resilience in Financial Market Infrastructures” (Financial Stability Forum, April 2009). (Bank for International Settlements, November 2014). 70. IOSCO Methodology for Assessing Principles, Principle 8, 80. Directive 2002/58/EC Concerning the Processing of Key Issues 3 and 4, Key Questions 4 and 5. Personal Data and the Protection of Privacy in the 71. IOSCO Methodology for Assessing Principles, Principle 10, Electronic Communication Sector, and the US Securities Key Questions 4 and 5; Principle 29, Key Issue 10; and and Exchange Act of 1934 and Regulation S–P thereunder; Principle 31, Key Issue 8(d) and Key Questions 4 and 5. Committee on Payments and Market Infrastructures, “Cyber Resilience in Financial Market Infrastructures.” 72. Intermediaries, advisers, and CIUs gather vast amounts of data, including personal information, in order to conduct 81. IOSCO Principles of Securities Regulation, Principle 31, their daily tasks. This information is sensitive to misuse or Key Issue 10; G20 High-Level Principles on Financial breaches, which has the potential to cause harm to Consumer Protection, Principle 9. consumers. This section touches on only a few select issues 82. IOSCO Methodology for Assessing Principles, appendix 1, with respect to data protection and privacy that are most Item 7. relevant to financial consumer protection. 83. IOSCO Methodology for Assessing Principles, Principle 32, 73. Directive 2002/58/EC of the European Parliament and of Key Issue 1. the Council of 12 July 2002 Concerning the Processing of 84. Directive 97/9/EC of the European Parliament and of the Personal Data and the Protection of Privacy in the Council of 3 March 1997 on Investor-Compensation Electronic Communication Sector, and the US Securities Schemes, and the US Securities Investor Protection Act and Exchange Act of 1934 and Regulation S-P thereunder. of 1970. 74. 
See, for example, (a) Universal Declaration of Human Rights, Article 12 (United Nations, 1948), (b) Convention for the Protection of Human Rights and Fundamental 168   Good Practices for Financial Consumer Protection APPENDIX 1: SOURCES Unit Trust Industry” (Federation of Malaysian Unit Trust Managers, September 2001); and Directive 2009/65/EC A1: Consumer Protection Legal Framework of the European Parliament and of the Council of 13 July 2009 on the Coordination of Laws, Regulations and (a) Legal framework: IOSCO Methodology for Assessing Administrative Provisions Relating to Undertakings for Principles, Appendix 1; G20 High-Level Principles on Collective Investment in Transferable Securities (UCITS), Financial Consumer Protection, Principle 1. (b) Licensing as Amended, Article 14. sales people and managers: EU MiFID I, Article 9 (requires only managers of investment firms to be qualified); EU A7: Dissemination of Information by Authorities MiFID II, Article 5, and US FINRA Manual maintaining NASD Rules 1030–1032. (c) Emerging Markets Commit- “Report on Investor Education Initiatives Relating to tee, “Guidelines to Emerging Market Regulators Regard- Investment Services” (IOSCO, February 2013); “Study ing Requirements for Minimum Entry and Continuous Regarding Financial Literacy among Investors as Required Risk-Based Supervision of Market Intermediaries, Final by Section 917 of the Dodd-Frank Wall Street Reform and Report” (IOSCO, December 2009). (d) Licensing advisers: Consumer Protection Act” (US Securities and Exchange IOSCO Principles of Securities Regulation 24 and 29. Commission, August 2012). A2: Institutional Arrangements and Mandates B1: Format and Manner of Disclosure (a) IOSCO Methodology For Assessing Principles, Princi- (a) “Principles on Point of Sale Disclosure, Final Report” ples 1–8. (b) G20 High-Level Principles on Financial Con- (IOSCO, February 2011), chapter 4, subsections C and E; sumer Protection, Principle 2. Principle 5. 
(b) IOSCO Methodology for Assessing Princi- ples, Principle 31, Key Issues 8(e). (c) US FINRA, Rule A3: Regulatory Framework 2210. (d) “Master Circular for Mutual Funds” (Securities and Exchange Board of India, 2011), chapter 13, “Adver- (a) IOSCO Methodology for Assessing Principles, Princi- tisements.” (e) EU MiFID I, Article 19, subsections 2 and 3. ples 4, 10–12. (b) G20 High-Level Principles on Financial Consumer Protection, Principle 1. (c) Franz and Instefjord, B2: Advertising and Sales Materials “Rules v. Principles Based Financial Regulation,” Novem- ber 25, 2014. (d) “Principles-Based Regulation: Focusing (a) “Principles on Point of Sale Disclosure,” Principle 5. (b) on the Outcomes That Matter” (UK Financial Sector US FINRA, Rule 2210. (c) “Master Circular for Mutual Authority, April 2007). Funds,” chapter 13. (d) EU MiFID I, Article 19(2); EU MiFID II, Article 24(3). (d) Latvian Law on Advertising, as A4: Supervisory Activities amended, 2014. (a) IOSCO Methodology for Assessing Principles, Principle B3: Disclosure of Terms and Conditions 10. (b) “Guidelines to Emerging Market Regulators Regarding Requirements for Minimum Entry and Continu- (a) IOSCO Methodology for Assessing Principles, Principle ous Risk-Based Supervision of Market Intermediaries.” 31. (b) EU MiFID I, Article 19; EU MiFID II, Article 24. A5: Enforcement B4: Disclosure of Product Risk (a) IOSCO Methodology for Assessing Principles, Princi- (a) “Suitability Requirements with Respect to the Distribu- ples 11 and 12. (b) “Credible Deterrence in the Enforce- tion of Complex Financial Products, Final Report” (IOSCO, ment of Securities Regulation” (IOSCO, June 2015), 29. (c) January 2013). (b) “OTC Markets and Derivatives Trading Directive 2003/6/EC of the European Parliament and of in Emerging Markets, Final Report” (IOSCO, July 2010). 
the Council of 28 January 2003 on Insider Dealing and (c) G20 High-Level Principles on Financial Consumer Pro- Market Manipulation (Market Abuse), Article 23; Directive tection, Principle 4. (d) Directive 2011/61/EU of the Euro- 2014/57/EU of the European Parliament and of the Coun- pean Parliament and of the Council of 8 June 2011 on cil of 16 April 2014 on Criminal Sanctions for Market Alternative Investment Fund Managers and Amending Abuse (Market Abuse Directive). Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010. (e) “Regula- A6: Codes of Conduct and Other Self-Regulation tory and Investor Protection Issues Arising from the Partic- ipation by Retail Investors in (Funds-of) Hedge Funds” SRO Consultative Committee, “Model Code of Ethics” (IOSCO, February 2003). (f) Kirby and Worner, “Crowd- (IOSCO, June 2006); US FINRA Manual incorporating Funding: An Infant Industry Growing Fast,” Staff Working NASD Rules, Section 2000, “Business Conduct”; “Code Paper SEP3/2014 (IOSCO, 2014). of Ethics and Standards of Professional Conduct for the Securities  169 B5: Disclosure of Conflicts of Interest C1: Unfair Terms and Conditions (a) IOSCO Methodology for Assessing Principles, Princi- G20 High-Level Principles on Financial Consumer Protec- ples 8, Key Issues 2 and 31, Key Question 6. (b) “Guide- tion, Principle 3. lines for the Regulation of Conflicts of Interest Facing Market Intermediaries, Final Report” (IOSCO, November C2: Sales Practices and Duty of Care 2010), 12. (c) “IOSCO Statement of Principles for Address- (a) “Survey on Anti-Fraud Messaging, Final Report” ing Sell-Side Securities Analyst Conflicts of Interest” (IOSCO, May 2015). (b) Directive 2002/65/EC of the Euro- (IOSCO, September 2003), 5 and 9. (d) “Conflicts of Inter- pean Parliament and of the Council of 23 September 2002 ests of CIS Operators” (IOSCO, May 2000), 3 and 13. (e) Concerning the Distance Marketing of Financial Services. 
“Survey Results on Outsourcing of Financial Services” (c) Latvian Law on Advertising, as amended, 2014. (IOSCO, February 2005), 7. (f) “Principles on Outsourcing of Financial Services for Market Intermediaries” (IOSCO, C3: Product Suitability February 2005), 11. (g) Investment Advisers Act, Section (a) IOSCO Principles of Securities Regulation, Principle 26, 206(3). (h) Investment Advisers Act, Rule 204-3. (i) Direc- regarding suitability for CIUs, and Principle 31 for interme- tive 2009/65/EC, Article 14. (j) EU MiFID I, Article 18; EU diaries. (b) “Customer Suitability in the Retail Sale of MiFID II, Article 23. Financial Products and Services.” (c) “Suitability Require- ments with Respect to the Distribution of Complex Finan- B6: Key Facts Statements for CIUs cial Products.” (d) G20 High-Level Principles on Financial Contents: (a) “Principles on Point of Sale Disclosure.” (b) Consumer Protection, Principle 4. (e) EU MiFID I, Article The Joint Forum, “Customer Suitability in the Retail Sale 19; EU MiFID II, Article 25; and US FINRA, Rule 2111. of Financial Products and Services” (Bank for International Settlements, April 2008). (c) Directive 2009/65/EC, Article C4: Customer Mobility 78. (d) Regulation (EU) No. 1286/2014 of the European US FINRA, Rule 11870. Parliament and of the Council of 26 November 2014 on Key Information Documents for Packaged Retail and C5: Segregation of Funds Insurance-Based Investment Products (PRIIPs). (e) Form N-1A (US Securities and Exchange Commission) and SFC (a) “Recommendations Regarding the Protection of Client Handbook for Unit Trusts and Mutual Funds, Invest- Assets.” (b) “Survey of Regimes for the Protection, Distri- ment-Linked Assurance Schemes and Unlisted Structured bution and/or Transfer of Client Assets, Final Report” Investment Products (Hong Kong: Securities and Futures (IOSCO, March 2011). (c) IOSCO Methodology for Assess- Commission, 2013), chapter 6. (f) Circular 4/2013 (WA) ing Principles, Principle 25. 
(d) EU MiFID I, Article 13(7) (Federal Financial Supervisory Authority, Germany, 2013). and (8) and MiFID II, Article 16(9), which provide arrange- Performance: (a) Form N-1A. (b) Securities Act of 1933, ments to safeguard client funds but no statement of seg- Rule 482. Frequent trading: (a) Form N-1A. (b) “Best Prac- regation. (e) Securities and Exchange Act of 1934, and tices Standards on Anti Market Timing and Associated Rule 15c3-3 promulgated thereunder. Issues for CIS, Final Report” (IOSCO, October 2005). Dis- closure: Investment Advisers Act of 1940, Rule 204-3. Misuse and Misappropriation of C6:  Customer Assets B9: Contract Notes (a) “Recommendations Regarding the Protection of Client (a) US FINRA, Rule 2232. (b) Investment Advisers Act, Rule Assets.” (b) IOSCO Methodology for Assessing Principles, 206(3)-2. page 10. (c) G20 High-Level Principles on Financial Con- sumer Protection, Principle 7. (d) Annual Report (Indone- B10: Statements sian Central Securities Depository, 2014), 86. (a) IOSCO Principles of Securities Regulation, Principle 31. C7: Agents and Intermediaries (b) “Recommendations Regarding the Protection of Client Assets, Final Report” (IOSCO, January 2014). (c) US (a) IOSCO Methodology for Assessing Principles, Principle FINRA, Rule 2340. (d) “Electronic Delivery of Information 31, Key Issue 4, Key Question 6(c). (b) Securities Exchange between Members and Their Customers,” Notice to Act of 1934, Section 15(b)(4)(E). (c) US FINRA, Rule 3110. Members 98-3 (NASD, January 1998); Investment Advis- C8, Compensation of Staff, Agents, and Intermediaries: ers Act of 1940, Rule 206(4)-2. (a) “FSP Principles for Sound Compensation Practices (Financial Stability Forum, April 2009). (b) G20 High-Level Principles on Financial Consumer Protection, Principle 6. 170   Good Practices for Financial Consumer Protection (c) IOSCO Methodology for Assessing Principles, Principle D3: Sharing Customer’s Information 8, Key Issues 3 and 4, Key Questions 4 and 5. 
(a) Directive 2002/58/EC. (b) Securities and Exchange Act of 1934 and Regulation S–P thereunder. (c) “Cyber C9: Customer Records Resilience in Financial Market Infrastructures.” (a) “Recommendations Regarding the Protection of Client Assets.” (b) IOSCO Methodology for Assessing Principles, E1: Internal Complaints Handling Principles 10, 29, and 31. (c) Securities and Exchange Act (a) IOSCO Methodology for Assessing Principles, Princi- of 1934, and Rule 17a-3 thereunder. (d) US FINRA, Rule ple 31, Key Issue 10. (b) G20 High-Level Principles on 4511; Latvian Law on Financial Market Instruments, Article Financial Consumer Protection, Principle 9. 124 (9) and (10); Croatia Ordinance on Operating Condi- tions for Authorized Companies, Article 13; Rule No. V.D.3 Out-of-Court Formal Dispute Resolution E2:  (13) (Financial Services Authority of Indonesia [OJK]). Mechanisms (a) IOSCO Methodology for Assessing Principles, annex D1: Lawful Collection and Usage of Customer Data I, Item 7. (b) EU MiFID I, Article 53, and EU MiFID II, (a) Directive 2002/58/EC Concerning the Processing of Article 75. (c) US FINRA, Rule IM-12000, “Code of Arbi- Personal Data and the Protection of Privacy in the Elec- tration Procedure for Customer Disputes.” tronic Communication Sector. (b) Securities and Exchange Act of 1934 and Regulation S–P thereunder. (c) Universal F1: Client Protection When a Licensed Person Fails Declaration of Human Rights (United Nations, 1948). (d) (a) IOSCO Methodology for Assessing Principles, Prin- Convention for the Protection of Human Rights and Fun- ciple 32, Key Issue 1. (b) “Recommendations Regard- damental Freedoms (European Court of Human Rights, ing the Protection of Client Assets.” (c) “Survey of 1950). (e) Convention for the Protection of Individuals with Regimes for the Protection, Distribution and/or Trans- Regard to the Automatic Processing of Personal Data, ETS fer of Client Assets.” (d) Directive 97/9/EC of the Euro- No. 108 (Council of Europe, 1981). 
ANNEXES

ANNEX A
RETAIL PAYMENT SERVICES

This annex covers good practices for financial consumer protection with respect to payment services in general and retail payment services in particular. Given their nature, large-value payments are not in the scope of this document. International standard-setting bodies as well as country-level policy makers have increasingly recognized consumer protection as an important issue for payment services—particularly with regard to electronic retail payments, such as mobile phone–based services.

The examples and background for this annex are drawn from a range of countries to reflect the diversity of markets and approaches, including those that aim to balance financial inclusion and consumer protection goals. Specific emphasis has been placed on experience from the developing countries where the World Bank Group has had active engagements in recent years.

WHAT IS A RETAIL PAYMENT?1

A retail payment is often defined indirectly as anything that is not a large-value payment. Large-value payments are typically defined as payments of a relatively high value and between banks and/or participants in a financial market.2 Based on this definition, retail payments are also commonly referred to as low-value payments. However, retail payments can also be for relatively large amounts. For purposes of the Good Practices, a retail payment is defined as a payment whose
• settlement is not time-critical;3
• the payer, the payee, or both are individuals or non-financial institutions; and
• parties are not direct participants in the payments system that is processing the payment.

A retail payment instrument is defined as an instrument mainly intended to permit execution of retail payments and serve consumers or small business. A related term is an electronic payment instrument, which is defined here as a payment instrument that uses electronic means for initiation, authentication, and authorization of a payment transaction. Even though a transaction might be initiated electronically, the subsequent processes of clearing and settlement might involve a combination of manual and electronic procedures. A payment may also be initiated on paper but subsequently processed electronically. Despite the various possible combinations of means of transfer—either paper-based or non-paper-based—retail payment instruments can be broadly classified into (i) paper-based instruments; (ii) electronic funds transfer (EFT)–based instruments; (iii) payment card–based instruments; and (iv) e-money–based instruments.4 The overall retail payment product packaging is referred to in this annex as a payment service. All payments involving the intermediation of a financial service provider are usually referred to as non-cash retail payments.

DIFFERENT ENTITIES INVOLVED IN A NON-CASH RETAIL PAYMENT

Broadly speaking, a non-cash retail payment involves the following parties:
i. Issuer: The institution that issues the payment instrument. Typically refers to the institution issuing a payment card or e-money instrument.
ii. Acquirer: The entity or entities that provide services to the card acceptors (merchants) related to clearing and settlement of the accepted transactions. In general, the services include receiving and processing the data relating to the transaction for authorization, clearing, and settlement, though some provide only clearing and settlement services. Some acquirers also hold deposit accounts for card acceptors (merchants).
iii. Clearinghouse: A central location or central processing mechanism through which financial service providers agree to exchange payment instructions or other financial obligations (for example, securities). The providers settle for items exchanged at a designated time based on the rules and procedures of the clearinghouse. In some cases, the clearinghouse may assume significant counterparty, financial, or risk-management responsibilities for the clearing system.
iv. Third-party service providers: Entities that can provide services to one or more of the three entities described above and also, in some cases, to payers and payees.5

In the case of a person-to-person EFT, the same process holds true, but an acquirer could be referred to as an originating institution and the issuer as the receiving institution.

In this annex, the term payment service provider (PSP) refers to an entity that provides payment services, including remittances. A PSP could be a bank, nonbank financial institution, or nonfinancial institution. For example, in some jurisdictions, nonfinancial institutions such as mobile network operators (MNOs) are allowed to issue e-money–based instruments under a specific regulatory framework. Further, a PSP can provide the payment service to either a payee, a payer, or both.

A payment transaction in which the PSP for the payer and payee are different will need a clearing and settlement arrangement such as a clearinghouse, with its associated rules, guidelines, and pricing arrangements. Such an arrangement is referred to in this annex as a payment infrastructure, and the entity operating it is referred to as a payment system operator (PSO). A PSO is an entity that operates a payment network and/or other payment infrastructures.

The PSPs and also the PSO might engage third parties to offer specific services on their behalf. For example:
• An issuer of an e-money service might engage shops and other entities to function as agents to meet cash-in and cash-out needs of its customers.
• A PSP could engage specialized entities to sign up and service its merchants.
• A PSO could engage a third party to operate its underlying information technology systems.

SCOPE OF THIS ANNEX

In a single payment transaction, there are multiple user–provider relationships. A payment transaction involves a payer and a payee, both of which are using the services offered by their respective PSP. In turn, such PSPs might be engaging third-party service providers. Hence, in the broader context of retail payments, the term consumer can be used to cover all these user-provider relationships. For example, in card payments, the cardholder and the merchant are both users (of the issuer and acquirer, respectively). Furthermore, the issuer can be considered a user of a PSO. However, service arrangements between PSPs and PSOs or third-party service providers are typically handled adequately on a bilateral basis, as all parties are institutional users who are sophisticated and have the necessary skills to protect their respective interests.

In line with the rest of the Good Practices, this annex therefore focuses on the relationships where one of the parties is an individual, as imbalances of information, resources, and power generally disfavor such users of payment services. As noted in the introduction to the Good Practices, the term consumer is used throughout this document to refer primarily to individuals, although the GPs can also be applied to microentrepreneurs and small enterprises. Also, the Good Practices are generally focused on consumers as payers, though issues with respect to consumers as payees are also discussed where relevant.

As with other chapters of the Good Practices, the focus of this annex is on common retail payment services most relevant to individuals (as well as microentrepreneurs and small business). Large-value payments are not in the scope of this annex. All four types of retail payment instruments are covered except cash, which is a specific type of paper-based instrument. The reason for this is that cash payments, while being the most used payment instrument in the world,6 do not involve a user-provider relationship.7 However, remittances originated with and received in cash are covered, as these involve a user-provider relationship.

This annex generally does not cover issues specific to the payment system infrastructure. Nevertheless, some of the GPs described in this annex touch upon the payment system infrastructure where there is a direct and imminent causal link between the payment system infrastructure and consumer protection (for example, C5, “Competition and Interoperability”). More specifically, the rules of the payment system infrastructure have a bearing on the design of payment services and supporting mechanisms, in particular its dispute resolution processes, as such rules usually cover (i) information that needs to be contained in the payment instructions; (ii) timelines for processing a payment instruction; (iii) pricing and fees for PSPs, which could be passed on to consumers; (iv) processes for handling errors and associated timelines; (v) which entity takes responsibility for any fraud or error; and (vi) adoption of specific standards, risk-management arrangements, and certain customer service requirements.

RELATIONSHIP TO OTHER CHAPTERS OF THE GOOD PRACTICES

This annex complements and should be read in conjunction with chapter 1, “Deposit and Credit Products and Services” (as well as other chapters). For example, the disclosure requirements referenced in chapter 1 for current accounts are complementary to the disclosure requirements listed for e-money services in this annex. However, while many of the good practices in this annex are similar to those discussed in chapter 1, their implementation to PSPs and retail payment services may entail different policy considerations and require tailored approaches, which are highlighted in this annex. For instance, this annex emphasizes specific aspects of disclosure requirements (for example, timing, content, and format about transactional fees and exchange rates for remittances). There are also GPs that are unique to payment services, such as interoperability (C5), liability in the case of mistaken or unauthorized transactions (C9), and operational reliability (C10).

CONSUMER PROTECTION ISSUES RELEVANT TO RETAIL PAYMENT SERVICES

Retail payment services have a number of features that differ from the products and services covered in other chapters, particularly in terms of the operation of payment instruments and the involvement of nonfinancial providers. Hence, consumer protection concerns can differ accordingly. The consumer protection aspects for payment services span both the sale/purchase of the service as well as its ongoing usage. Further, consumer protection issues may differ between the payment service and the underlying financial service. In some cases, the sale/purchase and also usage of a payment service is integral to another financial service, such as a current account (for example, checks and debit cards), while in other cases, these services are designed and sold as separate and distinct services (such as prepaid cards and other e-money services). In other cases, payment services are provided without an underlying transaction account—for example, remittances and bill payments. The good practices in this annex are intended to cover both the specific transaction and the usage of the payment instrument (with or without an underlying financial service). Where applicable, issues specifically relating to the underlying transaction accounts or services (for example, deposit accounts, credit and insurance products) are covered in the other chapters of the Good Practices.

A variety of specific consumer protection issues can arise in the sale, provision, and usage of retail payment services. These issues can be categorized into the following areas:
• Effective disclosure of terms and conditions (for example, disclosure of fees/charges levied before the payment is effected, remittance is withdrawn, or money is cashed out; notices about transactions; and so forth)
• Fairness of terms and conditions of the service (such as level of fees/charges levied and rules pertaining to adherence/cancelation of recurring payments)
• Security standards (for example, authentication rules)
• Resolution of errors, including reversals (such as incorrect processing of payment instructions in terms of the amount or recipient or timing)
• Liability in case of errors and frauds (for example, unauthorized transactions in a transaction account)
• Operational service standards and reliability (for example, timeliness of settlement, system uptime)
• Data protection issues (for example, compromised non-payment account related consumer data)

ISSUES SPECIFIC TO PAYMENT CARDS

Payment cards are associated with a range of fees that are charged to the cardholder (payer) and to the merchant (payee). A card issuer may charge cardholders an annual fee, penalty fees, and other transaction-specific fees. In addition, the merchant is also subject to a range of fees by the acquiring bank, such as merchant service fees (MSF), account maintenance fees, penalty fees, and other transaction-specific fees.8 While merchants can also be small businesses and vulnerable to unfair practices by card issuers and acquirers,9 in general the Good Practices do not cover the relationship between merchants and these actors. Similarly, the Good Practices do not focus on the many other interactions in payment cards, such as issuer-acquirer, issuer-payment network,10 and acquirer-payment network. Certain aspects of these interactions, such as interchange fees and “honor all cards” requirements,11 are widely believed to influence fees and other aspects relevant to cardholders.

Additionally, several emerging payment mechanisms that build on existing payment instruments, in particular cards, are relevant to the Good Practices. For example, Apple Pay, Android Pay, and Samsung Pay are all based on cards and are effectively a card payment conducted via mobile devices. But there are important differences in how one signs up for these services, and how transactions are initiated and processed. These mechanisms could entail additional risks for consumers to those linked to the underlying payment instrument.

ISSUES SPECIFIC TO EFT-BASED SERVICES

EFTs can be credit or debit payments. EFT credit payments can be deferred or instantaneous payments, while EFT debit payments are often deferred and also often used as recurring payments (for example, monthly utility bill payments). Additionally, EFTs require providing information about the recipient’s account number, details of the PSP with whom the account is maintained, and details of the payment, such as the amount, when it is to be paid, and so forth. These characteristics require attention to certain disclosure requirements, such as timely notifications and alerts about payment requests and any related problems with the payment, as well as fair practices and solid operational standards, such as providing means for easy and timely cancellation of recurring payments and minimizing the likelihood of incorrect information in payment instructions. Moreover, EFTs require particularly clear and fair processes for resolution of incorrect or unsuccessful payments. Such issues are discussed further in the Good Practices.

ISSUES SPECIFIC TO CHECKS

Checks are traditionally conceived as negotiable instruments. In addition to consumer protection issues connected with disclosure of risks in case a check is drawn on an account with insufficient funds or on time limits within which a check can be cashed, or information on costs, there are specific issues connected to the validity of endorsement and the risk of misuse of the instrument as a form of security. However, the current trend is to limit negotiability and, in particular, to truncate a paper check (that is, to transform it into electronic inputs) at the time of presentation. Once a check is truncated, for clearing purposes and execution it is treated as a debit transfer. Consequently, it is subject to the same kind of risks as an EFT.

ISSUES SPECIFIC TO E-MONEY SERVICES

E-money instruments, which include prepaid cards and other instruments such as mobile money products, can have a range of costs associated with them: initial sign-up fee, account maintenance fee, cash load fee, cash withdrawal fee, balance inquiry fee, and other transaction- and event-specific fees, particularly for redemption. The sign-up process for prepaid instruments is often handled remotely (for example, over the Internet or via mobile phones) or at locations of an agent of the PSP.12 Ensuring that all the details about these fees are communicated clearly and in a timely manner to consumers who use remote channels is a challenge. Extensive use of agents may also bring the challenge of ensuring uniform quality and reliability of service.

In addition, prepaid instruments that allow consumers to keep funds in their accounts for an indefinite period of time and reload the accounts as desired (as is the case for most mobile money services currently offered by nonbank institutions such as MNOs) could be considered a hybrid of payment and deposit services, raising many consumer issues that are characteristic of both types of services. In that vein, certain Good Practices applicable to current accounts are also relevant to e-money services, although their application may vary. (For example, the issuance of periodic statements in traditional format may not be appropriate for mobile money services.)

THE GOOD PRACTICES AND INTERNATIONAL STANDARDS FOR PAYMENT SYSTEMS

This annex relies on, builds off, and expands on existing guidance and standards issued by international standard-setting bodies, such as the Basel Committee for Banking Supervision, the Committee on Payments and Market Infrastructures (CPMI), and the International Organization of Securities Commissions (IOSCO), and relevant organizations, such as the World Bank Group, the International Telecommunications Union Telecommunications Standardization Section (ITU-T), and the Organisation for Economic Co-operation and Development (OECD). It does so by drawing from country examples and making specific considerations regarding the relationship between such standards and guidance and consumer protection, including how such standards and guidance can be put into practice.

A: LEGAL AND SUPERVISORY FRAMEWORK

A1: CONSUMER PROTECTION LEGAL FRAMEWORK

a. There should be a clear legal framework that establishes an effective regime for the protection of consumers of retail payment services.
b. In the event that the legal framework takes an institution-based approach (that is, respective laws cover specific types of PSPs), efforts should be made to ensure that the overall legal framework provides sufficiently comprehensive coverage, avoids conflicts or lack of clarity, and provides for a level playing field for providers of similar services.
c. The legal framework should be proportional, technology-neutral, risk-based, and predictable.
d. Efforts should be made by the authority or authorities responsible for the implementation of the consumer protection legal framework (“authority”) to authorize/license or register PSPs offering retail payment services.
e. The PSPs that effectively handle consumers’ funds should be subject to a mechanism of authorization/licensing to enter the market and be subject to appropriate supervision and oversight.
f. If not authorized/licensed, all PSPs should at a minimum be subject to registering with the authority.
g.
Where PSPs are required to be authorized/licensed by the authority, the authority should have the power to establish minimum entry criteria, which should include the following:
   i. The applicant’s beneficial owners, board members, senior management, and people in control functions demonstrate integrity and competence.
   ii. Appropriate governance and internal controls are in place, including specific controls to mitigate consumer protection risks.
   iii. Measures to protect consumer funds, interests, and privacy are adequate.
h. The legal framework should include provisions establishing an effective supervisory authority with power to use a range of supervisory tools to ensure compliance with the laws relating to consumer protection.
i. The legal framework should be developed via a consultative process that encourages input from affected markets, relevant authorities, collaborative arrangements such as national payment councils (NPCs), and consumer associations.

Explanatory Notes

A sound and appropriate legal framework is the basis for an efficient payments system. In light of the current rapid transformation of the market based mainly on innovation in technologies, legislation on the legal validity of electronic contracts and signatures is required, to also cover electronic (that is, non-paper-based) money transfers and procedures for authorization. These rules would not only ensure legal enforceability of new payment instruments, but also guarantee adequate protection of consumers where technology requires new forms of protection (such as in protection and correct use of codes of access).

Other relevant pieces of legislation that affect the soundness of the legal framework of the payments system include laws on the security of payment instruments and telecommunication networks, legislation on free competition for the supply of payment services, and laws on the efficiency of the national payment system as a whole.

PSPs should be duly supervised and overseen by the relevant authority. One of the tools used for supervision and oversight of payment systems and services is requiring PSOs, issuers of payment instruments, and other PSPs to obtain a license from a designated regulator. This is indeed common practice in all countries with new legislation on retail payments. However, due to the wide range of payments services and the varying roles played by different PSPs, various methods of granting approval to enter the market may be allowed—ranging from full-fledged licensing mechanisms to less burdensome mechanisms for authorization to registration only—all combined with a certain range of supervisory/oversight discretion to ensure that the same risks are treated the same way across all PSPs.

For example, in cases where PSPs are providing activities with low risk, a mechanism for basic registration can be put in place. Registration implies that the PSP does not need a prior approval by the regulator (through either a full-fledged licensing mechanism or another less burdensome method, such as obtaining an authorization). The PSP simply informs the authority of its existence and the kinds of activities performed. It may be required to provide information on such activities on a regular basis. Registration should be the minimum criterion required to permit authorities to monitor the correct application of minimum standards in the market, including for consumer protection.

Although this is currently much less frequent than in the past, in some countries, PSPs may not be fully subject to regulation or enforcement procedures, even though they are effectively providing a payment service that is subject to financial consumer protection requirements. This issue is usually due to lack of adequate legislation on the provision of payment services, and should be effectively addressed by taking a functional approach that brings all PSPs under the scope of the relevant authority depending on the type of payment service provided.

The application of the financial consumer protection legal framework in the case of e-money may be less clear when compared to traditional payment services managed by banks, in which the services are usually closely associated with the banking business and the opening of accounts. In this case, the consumer protection legal framework covering banking services is often extended to traditional payment services used to move money from accounts (as in the case of checks). However, e-money and other innovative payment services emerging in a wide range of countries are often offered by nonbank providers, or when offered by banks, they may be kept separate from the banking business (that is, run separately from the core banking account system). As a result, existing consumer protection legal frameworks (whether for banking products or payment services) are often less likely to be directly applicable to nonbank PSPs, resulting in a gap in the legal framework. In order to mitigate these shortcomings, comprehensive legislation on the national payment system is recommended. At the same time, a functional approach may be used for financial consumer protection—that is, a set of similar provisions applying to users of retail payment services irrespective of the institutional qualities of the provider.

A2: INSTITUTIONAL ARRANGEMENTS AND MANDATES

a. The authority (or authorities) in charge of implementing the financial consumer protection legal framework should have an explicit and clear legal mandate for consumer protection with respect to retail payments.
b. The authority should have legal powers to
   i. Issue binding regulations for financial consumer protection in relation to retail payment services
and PSPs, as well as guidelines or other instruments under these regulations; and
   ii. Implement and enforce the application of the financial consumer protection legal and regulatory framework.
c. The payment system overseer, if different from the authority, should have a role in the formulation of the consumer protection framework for retail payment services and include these topics in the scope of its oversight activities, as appropriate. The two authorities should coordinate and cooperate.
d. The authority should have an adequate allocation of resources and be operationally independent from external interference from political, commercial, and other sectoral interests.
e. Appropriate legal protection should be established to protect the authority and supervisory staff members from personal litigation in the good-faith exercise of their supervisory duties.
f. Any overlap between the legal mandates of different authorities implementing the financial consumer protection legal framework, as well as between such authorities and the payment system overseer, prudential, competition, and other authorities, should be minimized.
g. The authority should collaborate with payment system overseers to study and analyze trends in consumer protection issues, with a view to instituting appropriate policy and regulatory changes to payment systems and payment services and also operating rules, procedures, and risk-management measures for the underlying payment systems infrastructure.
h. The authority should coordinate with consumer and industry associations, the NPC or its equivalent, and the media, to ensure that they play an active role in promoting financial consumer protection.

Explanatory Notes

See the explanatory notes for A2 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services.

A number of regulators and other entities may be involved in the protection of consumers of retail payment services, resulting in potential fragmentation and the risk of regulatory arbitrage. The following entities may be involved to varying degrees with the implementation of consumer protection laws and regulations with respect to retail payment services: (i) the central bank, as the overseer of the national payment system; (ii) the banking/financial services supervisory authority; (iii) the telecommunication regulatory agency (for usage of telecom services incidental to payment services); (iv) a dedicated financial consumer protection or market conduct authority; (v) the competition agency (from the perspective of impact on consumers from uncompetitive market conditions); and (vi) general consumer protection agencies (which are not focused on financial sector).

When multiple authorities exist, cooperation and coordination mechanisms are strongly needed to implement the legal framework for consumer protection in retail payment services effectively. Coordination should be ensured by way of clarity in the mandate of each relevant authority and by institutional arrangements between authorities. It is currently good practice for central banks and supervisors in the sector to stipulate memorandums of understanding, which should be extended in scope to also cover issues of protection of consumers.

In some countries, such as in Australia, Mexico, Peru, and the United Kingdom, a separate authority independent of the central bank is responsible for financial consumer protection or market conduct, including retail payment services. In such cases, the functions of consumer protection are concentrated into a single authority.

The payment system oversight function exercised by the central bank is fundamental for guaranteeing the adequate and proper functioning of the national payment system, including the protection of consumers of retail payment services. In this instance, supervision and oversight are distinct. Whereas supervision traditionally focuses on prudential standards and is centered on the soundness of individual operators, oversight focuses on their activities and their relations within the various payment systems and is mainly concerned with the risks inherent to each activity and the efficiency of the payment system as a whole. These two functions, although sharing a number of objectives and tools, are clearly distinguished and are often performed by different authorities. However, whereas supervision can be the competence of a number of different authorities, oversight is usually carried out by the central bank. The overseer also has an overarching function of coordination—to ensure that different policies and objectives within the national payment system are kept consistent—and has a holistic understanding of the sector.

Overseers often have an explicit objective to maintain trust and confidence in money. In fact, the General Guidance on National Payment Systems Development recognizes that, where there is no dedicated institutional arrangement for consumer protection related to payment services, this could be part of the payment systems oversight function. Accordingly, in many jurisdictions, payment system overseers maintain an interest in and actively study consumer protection related to payment services. Where overseers do not have a full mandate to regulate this topic, they should collaborate and cooperate with other relevant authorities.

Even in the presence of a dedicated authority covering financial consumer protection issues with respect to retail payments, a potentially effective approach to achieve interagency collaboration and coordination is including consumer protection in the agenda of existing NPCs. NPCs can either be created with a legal personality or set up as advisory bodies by the central bank or other relevant authorities. The membership of NPCs is usually broad, encompassing various regulatory bodies, PSPs, PSOs, and, potentially, consumer rights associations. NPCs usually create working groups/task forces to study specific areas, such as risk management, legal and regulatory framework, marketing, technology and operations. While work streams dedicated to consumer protection issues are an option, these can also focus on specific consumer protection issues, such as fraud-related aspects in risk management, redress, and other requirements related to consumer protection.

Finally, in some countries, more than one of the functions related to payment systems, including the implementation of the consumer framework for retail payments, could be handled by different organizational units/entities within the same institution, most commonly the central bank. Therefore, intra-organization collaboration and coordination will be important, especially where the primary responsibility for consumer protection is placed outside the payments oversight function at the central bank. This could be facilitated, for instance, through designated committees/standing groups on consumer protection with respect to retail payment services.

A3: REGULATORY FRAMEWORK

a. There should be a comprehensive regulatory framework that elaborates on the law to protect consumers of retail payment services.
b. At a minimum, the regulatory framework should include
   i. Transparency and disclosure requirements;
   ii. Fair treatment and business conduct, including:
      1. Protection and availability of customer funds;
      2. Authorization, authentication, and data security requirements;
      3. Liability for errors, fraud, and unauthorized transactions; and
      4. Operational reliability;
   iii. Data protection and privacy; and
   iv. Dispute resolution mechanisms.
c. Such regulations should be legally enforceable and binding on PSPs.
d. The regulatory framework can use a principles-based approach, a rules-based approach, or a hybrid approach.
e. The regulatory framework should be consistent, including across regulations issued by different authorities with respect to similar retail payment services that may be provided by different types of PSPs.
f. Regulations should be written in a manner that minimizes ambiguity and the possibility of differing interpretations.
g. The formulation of regulation should involve consultation with a range of relevant parties, including affected industries, government authorities, and consumer associations. A good mechanism to ensure such consultation is the NPC.
h. Regulation should take into account international guidance and standards and benefit from research regarding the regulatory practices of other countries and consumer research and behavioral economics. However, model laws and other countries’ regulations should not be transplanted without customization to a country’s particular context.
Explanatory Notes
See the explanatory notes for A3 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services.
As noted in chapter 1, specific rules should be established for outsourcing and agents, since a number of risks related to the use of third parties can adversely affect consumers (such as strategic, reputational, operational, and compliance risks). It is also important that the regulatory framework pertaining to retail payment services includes protection against fraud and misuse of the instrument, since these issues strongly affect the trust of consumers in non-cash payments, in particular non-paper-based instruments.
A4: SUPERVISORY ACTIVITIES
a. Consumer protection supervision should be risk-based, with the purpose of focusing on riskier areas and PSPs while optimizing the use of supervisory resources.
b. Supervision should be comprehensive, proactive, and mostly forward-looking, aimed at identifying emergence of poor practices.
c. The authority should collect and use quality and timely data, including data reported by PSPs in a standardized, electronic format.
d. The planning of consumer protection supervisory activities should be conducted on a regular basis within a documented framework and following a set process.
e. Supervisory procedures should be based on specialized supervision manuals, to ensure standardization and consistency.
f. The authority should deploy an adequate range of supervisory tools and techniques (for example, market monitoring, off-site and on-site inspections, thematic reviews).
g. Although it may play a role in facilitating the resolution of individual consumer complaints, the authority should focus primarily on regulatory and supervisory activities.
h. The authority should evaluate its supervisory approach, tools, and techniques, as well as supporting information systems, on a regular basis, to enable its staff to effectively assess institution-specific and market-wide risks.
i. Supervisory staff should meet high professional standards and have sufficient knowledge and appropriate expertise and training to carry out financial consumer protection supervisory activities.
Explanatory Notes
Payment services are very heterogeneous, ranging from traditional paper-based products linked to bank accounts (for example, checks) to e-money services provided by nonbanks. Many of these payment services involve innovative technologies, delivery channels, and business models. Identifying and keeping track of consumer protection issues in fast-paced markets such as electronic retail payments require sufficient resources and capacity and a well-designed, effective, forward-looking supervisory approach. Leveraging skills and resources across different departments or authorities (for example, between the financial consumer protection authority and the payment systems overseer) and involving external experts (such as survey companies, to conduct payment costs surveys) could help bridge gaps in resources and capacity.
If no specialized authority or unit is dedicated to monitoring of compliance with financial consumer protection rules, consumer issues would need to be included in the existing functions of institution-focused supervisors or the overseer. For instance, where banks offer retail payment services, their consumer protection issues could be covered in the ongoing supervision pertaining to banking services. The responsibility for supervising nonbank PSPs varies more widely across countries, as the payment overseer may focus on oversight and on large-value payment systems, and may not be actively engaged in direct supervision of retail PSPs (as in El Salvador, Mexico, and the United Kingdom). In some countries, such as Ghana, Kenya, and Tanzania, the payments oversight unit at the central bank may be more engaged in monitoring, and, hence, consumer protection could be added to their supervisory activities in the absence of a specialized team dedicated to consumer protection for retail payment services.
Since consumer protection issues are not necessarily covered in traditional prudential supervisory activities, it is important that a specific supervisory program is created for this area, based on a risk-based approach, with criteria that identify the most relevant consumer issues and institutions and the most appropriate supervisory activities for each of them. Such program should exist irrespective of whether consumer protection in retail payment services is dealt with by a specialized unit/authority, or by prudential/payments supervisors/overseers. Detailed supervisory guidance for on-site and off-site procedures covering the key consumer issues in bank and nonbank PSPs should be developed as well. While a product-cycle approach may be adequate for services such as credit and insurance, it may be less useful for most retail payments, given the lower level of complexity in consumer interactions and shorter duration of product life (with the possible exception of e-money services).
The supervisory program for consumer protection in retail payments should comprise a mix of supervisory tools, including on-site and off-site supervision. Tools that are less often used for prudential supervision should be considered. Mystery shopping, for instance, is a useful tool for checking on regulatory requirements that contain a timing element (for example, disclosure of price information before a transaction is performed) or an element of human behavior (such as non-discrimination and high-quality service). Also, it is useful and cost-effective to conduct thematic reviews (which combine on-site and off-site analyses) on key consumer issues, to assess the level of risk across different providers. For example, thematic reviews of the contractual terms of prepaid cards, mobile money fees, or processing times in international remittances could be conducted. The Financial Conduct Authority in the United Kingdom reviewed how PSPs dealt with unauthorized transactions and also conducted a thematic review of mobile banking and payments. With respect to the latter, one of the key findings was that smaller screens and keypad sizes increased the risk of consumer error, although the measures put in place by PSPs to mitigate such risk were considered satisfactory.13
Supervision should, at a minimum, and at least with respect to selected PSPs and services, perform the following:
• Assess the business practices and their relationship with the PSP’s governance structure, corporate culture, revenue and growth model, and risk-management structure, internal controls, as well as staff and executive compensation policies
• Scrutinize the main services throughout the product cycle (research, design, marketing, sales and distribution, contracting, post-sales)
• Assess the effectiveness of internal complaints handling mechanisms, including how the analysis of complaints statistics is used at the corporate level to improve practices, products, and services on an ongoing basis
• Assess the level of compliance with legal and regulatory requirements
• Assess compliance with the PSP’s own policies and possibly industry self-regulation and codes of conduct (COCs)
• Assess the role and impact of the most relevant third parties involved in service design and delivery or consumer interaction functions, such as agents and merchants
• Monitor relevant market developments and the emergence of new or increased consumer issues across various PSPs
In some contexts, payment services involve extensive use of agents, notably for e-money services in many developing economies such as Bangladesh, El Salvador, Ghana, Kenya, Paraguay, Rwanda, and Tanzania, but also for cash-based bill payments (for example, across Latin America). The number of agent locations can be several multiples that of traditional physical bank branches. For example, in China, there are over 900,000 agent locations and around 89,000 bank branches.14 Such agents should also be required to maintain standard practices with respect to financial consumer protection. In such cases, supervisors should focus on the risk-management practices of the PSP (the principal), such as for signing up new agents, their training, ongoing monitoring, and other risk-management procedures—including transaction monitoring, anti-money laundering and combatting the financing of terrorism (AML/CFT) efforts, and agent dismissal—in order to ensure that PSPs are adequately managing agents for financial consumer protection purposes. While supervision would be focused primarily on the headquarters of the PSP, certain issues that may be subject to mystery shopping or in-person observation by supervisors do require sampling agents for on-site visits.15 In addition, specific categories could be created for agents with the largest share of transactions, agents who have been on-boarded recently, or agents about whom the most complaints have been raised, for which direct monitoring by supervisors (whether on-site or off-site) may be warranted. The ITU-T Focus Group Digital Financial Services gives specific recommendations for supervising digital financial services with respect to consumer protection and experience, such as taking a harmonized approach to agents of banks and other PSPs.16
As in other sectors (such as banking and insurance), there is a very close relationship between strong risk-management practices and governance at PSPs and ensuring an adequate level of consumer protection. Operational and risk-management aspects—in particular, the existence of robust arrangements that result in safety, security, and reliability of retail payments—should be subject to effective ongoing supervision, regardless of the framework for covering supervision of consumer protection issues. In order to ensure optimal use of supervisory capacity and get the most out of specialization of supervisors without ineffective overlaps, coordination between the supervision of these two aspects should be close. For instance, in Mexico, many consumer issues, such as the incidence of fraud and the handling of complaints related to unsuccessful banking transactions, are addressed within the scope of the operational and technology risk supervision conducted by the banking supervisory authority, and there is constant coordination and information sharing with the dedicated financial consumer protection authority.
A5: ENFORCEMENT
a. The authority should have clear powers to negotiate and impose preemptive and corrective measures in the course of its supervision, to address non-compliance and instances of misconduct.
b. The authority’s enforcement powers and tools, and the actions taken against PSPs, should create a credible threat of enforcement against lack of compliance with the legal and regulatory framework.
c. The authority should have an adequate range of enforcement powers and tools to allow it to investigate and address various situations adequately (for example, reprimands, withdrawal of products, fines, suspension of management, or compensation to affected customers).
d. The authority should strive to be gradual, proportionate, timely, and consistent in the application of its enforcement powers.
e. There should be effective coordination between the areas or authorities responsible for supervision and those responsible for enforcement, including relevant enforcement agencies.
In particular, the supervisory authority should have functional coordination mechanisms with overseers and regulatory authorities, to address any interventions required at the level of a PSO, to enforce its actions, and also to communicate any of its enforcement actions that might have a bearing on them.
f. The authority should have the power to refer cases to the judiciary as well as other agencies for civil or criminal action.
Explanatory Notes
See the explanatory notes for A5 in chapter 1, “Deposit and Credit Products and Services.”
A6: CODES OF CONDUCT AND OTHER SELF-REGULATION
a. The legal and the regulatory framework should allow for the emergence of self-regulatory organizations, including industry associations.
b. PSPs that are unregulated with respect to consumer protection should be encouraged to design, adopt, disseminate, and enforce COCs or other types of self-regulation (although this should not be viewed as a substitute for regulation).
c. Self-regulation related to consumer protection to be adopted by regulated entities should be created in consultation with the relevant authority and other relevant stakeholders (for example, payment system overseers).
d. COCs and other self-regulation should be written in plain language and without industry jargon to ensure that consumers and providers can easily understand them.
e. COCs and other self-regulation should be publicized and disseminated so that they are known to consumers.
f. To the extent possible, the authority should take actions to encourage or check compliance with self-regulation by PSPs and should use self-regulation when evaluating a PSP’s conduct.
Explanatory Notes
The industry itself may develop COCs or self-regulatory regimes. Provided that they are properly designed with appropriate governance arrangements and sanction powers, they may be a useful complement to formal regulation. In many countries, COCs for banking products and services often include references to payment services. In India, the Code of Bank’s Commitment to Customer, administered by the Banking Codes and Standards Board of India, is an example of a general code for banking products that also covers specific payment services and instruments often offered by banks—debit cards, remittances, and funds transfers.17 This board also monitors compliance of its members with COCs and publishes a compliance rating index annually. Further examples of COCs specific to payments services include the Australia ePayments Code, which applies to payments, funds transfers, and cash withdrawal transactions that are initiated using electronic equipment, and the Hong Kong Banking Code of Conduct, which was approved by the Hong Kong Monetary Authority and covers electronic banking services (chapter 6) and stored value cards and devices (chapter 7).
There are also model COCs for particular payment products and services advocated at the global level—for example, the Code of Conduct for Mobile Money Providers issued by the GSM Association in 2014,18 the code of conduct for remittances advocated by the World Bank in a publication in 2010,19 and the Better Than Cash Alliance Responsible Digital Payments Guidelines, which also include guidelines for developing a national COC.20
It is also good practice for payment systems to have their own operating rules and procedures that are contractually binding on PSPs. These rules and procedures often provide the PSO with powers to levy penalties and also to allocate responsibility for frauds and errors. These rules and procedures include, among other things, the following elements of consumer protection:
• What information should be provided to customers
• Eligibility requirements for some products (for example, income requirements for premium payment cards)
• Minimum standards for customer service
• Dispute resolution framework
• Processing timelines
• Requirements regarding transparency on pricing (for example, card networks often require the acquirer to display any specific fees charged for withdrawing cash from automated-teller machines [ATMs]).
PSOs implement specific programs to monitor compliance through data collection, self-reporting, and on-site inspections. An example is the Zero Liability Program of Visa and MasterCard,21 which requires the PSPs using the Visa and MasterCard network to communicate to cardholders that, subject to certain conditions, customers have zero liability for any unauthorized transaction. Visa and MasterCard also have global communication campaigns about this program and have internal compliance mechanisms in place to ensure their PSPs honor this requirement.
A7: DISSEMINATION OF INFORMATION BY THE AUTHORITY
a. The authority should make readily available to the general public, at no cost, at least through its website, minimum relevant information to help it achieve its statutory goals and increase its transparency and accountability. This information should ideally include
   i. A clear and thorough description of its regulatory and supervisory mandate and remit and the role of other authorities, if applicable, as well as whether any PSPs are not covered by any authority with regard to consumer protection;
   ii. Its annual reports, with general statistics about retail payment services and a description of supervisory objectives and activities undertaken in the past year;
   iii. A list or database with all licensed/authorized/registered PSPs and their regulatory/supervisory status; and
   iv. Laws and a compilation of all regulations on financial consumer protection pertaining to PSPs.
b.
Resources permitting, the authority should strive to publish additional information that can help to achieve its objectives, such as aggregated statistics on consumer complaints or examples of supervisory findings and enforcement actions.
c. To the extent possible, the authority should coordinate with a variety of stakeholders, such as industry and consumer associations, the media, and other government agencies, to increase the reach of the information it disseminates.
Explanatory Notes
As noted in A7 of chapter 1, “Deposit and Credit Products and Services,” disseminating information is important to increase supervisory effectiveness in financial consumer protection. Publicizing information about the regulatory status of PSPs is important, given that this is a very diverse sector where the use of third parties is commonplace, and also given that environment is changing fast, making it difficult for the public to access updated information. Dissemination can also facilitate the coordination across relevant authorities, or across different departments of the same authority.
The range, depth, and complexity of information to be published by the authority in charge of consumer protection in retail payment services, and the channels and materials used, will depend on the resources available to the authority and on the priority given to different consumer issues, although the authority should strive to disseminate on its website at least the four items listed under clause A7(a), above. For the benefit of consumers and the general public, and in line with international standards set for prudential supervisors, the financial consumer protection authority should publish a list of all registered and authorized/licensed PSPs and keep the list updated. Resources permitting, the list should have links to the websites of each PSP.
Dissemination of information should be done at least through the authority’s institutional website, although other channels (such as newspapers) may be used as well. The Internet is usually a less costly medium than printed dissemination. For example, the United Kingdom’s Payment System Regulator (operating under the Financial Conduct Authority) puts on its website the regulatory framework and approach, interagency-coordination mechanisms, its annual plan, a statement of its focus, explanations about the payments system and the card industry in particular, market reviews, and guidance about complaints against PSPs, as well as other useful information. Several jurisdictions require reporting of customer disputes/complaints to relevant authorities, which are then consolidated and disseminated widely. See A7 in chapter 1, “Deposit and Credit Products and Services,” for further details.
In addition, efforts have been made by national payment overseers to disseminate price comparisons in certain key retail markets. For instance, numerous countries have joined a global effort to collect and disseminate, through a single web portal managed by the World Bank Group, price information on international remittances contained in national databases, with the ultimate objective of reducing overall costs to consumers.22 Another example is the central bank in Mexico, which disseminates periodic information about ATM fees and payment card fees (including the MSF and the interchange fees),23 which are usually further disseminated by major newspapers.
B: DISCLOSURE AND TRANSPARENCY
B1: FORMAT AND MANNER OF DISCLOSURE
a. Any advertisement, sales material, or other form of communication or disclosure by a PSP to a consumer (whether written, oral, or visual) should be in plain and easily understandable terms, not misleading, and should use at least the language that is prevalent in the geographic area in question.
b.
Any written communication (including in electronic formats) should use a font size, spacing, and placement of content that makes the communication easy to read for the average person.
c. Key documents, such as consumer agreements, forms, receipts, and statements (including those provided in electronic format), should be provided in a written form that can be kept or saved by the consumer.
d. Written, oral, and visual communications should contain and highlight key features of a given product or service (for example, price and risks) prominently.
e. The regulatory framework should establish the timing of key disclosures to the consumer, particularly during the shopping, pre-contractual, and contractual stages.
f. Standard indicators for total comprehensive cost of a product or service and standard methodologies for the calculation of such indicators should be established by the authority, in order to ensure consistency across PSPs and enable consumers to compare products properly.
g. Adaptations to regulatory requirements should be considered to allow for innovation in product design and delivery with respect to electronic payments, while mitigating potential risks to consumers due to disclosures that may be less comprehensive, more difficult to read, or harder to store.
h. In addition to key product/service features, communication materials should disclose
   i. The regulatory status of a PSP;
   ii. Contact information for the internal complaints handling mechanism of the PSP; and
   iii. Contact information for the relevant external dispute resolution mechanism, if any.
Explanatory Notes
See the explanatory notes for B1 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services as well.
In the case of retail payment services, in addition to the interactions between the consumer and PSP at the time of sign-up for the account or the initial service, there could be additional services to which the consumer subscribes over a period of time. An example of this is a customer who at the time of opening a bank account did not sign up for a debit card or Internet banking services, because those services were not offered at the time. Subsequently, when the bank introduced debit cards or Internet banking, it required additional subscriptions with their own specific terms and conditions. In general, good practices with respect to the format and manner of disclosure should apply to all subsequent interactions as well. However, some specific considerations need to be taken into account. Requiring physical interaction and a physically signed acknowledgement of terms and conditions can be onerous and could, in fact, affect the adoption of additional services. It is usually more cost-effective for the PSP, and more convenient for consumers, to leverage some authenticated interaction, such as an ATM transaction, to handle additional sign-up processes and the disclosure of information related to such additional services.
PSPs may use their website, call centers, ATMs, and other physical points of presence to communicate standard terms and conditions and any changes to them. Prerecorded calls, SMS text messages, and social media mechanisms are other channels that are used by some PSPs. These practices should be taken into consideration when designing flexible rules on the format and manner of disclosure for retail payment services. In principle, usage of these mechanisms could be encouraged, provided, however, that PSPs clearly inform customers of the channels being used for such important communications and ensure that consumers understand the information provided. As emphasized by the ITU-T Focus Group Digital Financial Services, it is important that consumers clearly understand the information provided, even when this is done through digital means.24
B2: ADVERTISING AND SALES MATERIALS
a.
In addition to the general requirements in B1, PSPs should be required to ensure that its advertising and sales materials
   i. Do not contain misleading or false information; and
   ii. Do not omit information that is important to a consumer’s decision to purchase any of their products or services.
b. A PSP, if applicable, should be required to disclose its regulatory status in its advertising materials.
c. A PSP should be legally responsible for all statements made in advertising and sales materials.
Explanatory Notes
See the explanatory notes for B2 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services as well, but note that for many simpler types of payment services, PSPs make very little marketing effort.
Sales and marketing are more often found with respect to international remittances and prepaid instruments, including mobile money and other e-money services. Regarding remittances, advertisements usually focus on cost and speed (in addition to distribution network). Regarding mobile money in developing countries (particularly in Africa), the focus of advertising has been shifting from highlighting how much more convenient it is to send money to friends and family via mobile money transfers than over traditional methods (such as couriers) to the costs (for example, fee comparison) and rewards of such services. For example, payment of interest in the prepaid funds is an emerging practice.
These main elements that are the focus of advertising by PSPs should be aligned with the good practices described above in order to avoid misleading customers, in particular when they are urged to shift from one PSP to another. For instance, if multiple providers of mobile money in a country pay interest, it may be useful if marketing materials use a standard manner to disclose the effective rate of return relative to a common reference account balance, discounting such fees as maintenance fees, and perhaps even to provide the cost of a set of common monthly transactions.
In the case of an international remittance transfer, relevant information to disclose in marketing materials should include
• Fees;
• Exchange rate applied;
• Base exchange rate;
• Fees to be paid by the recipient; and
• Locations where the recipient can receive the funds.
B3: DISCLOSURE OF TERMS AND CONDITIONS
a. Before entering into a formal agreement with a consumer on the basis of which a payment service may be provided on a regular basis (as compared to ad hoc services), a PSP should be required to inform the consumer in writing (including in electronic form) about the following:
   i. Identification of the PSP, at a minimum by its full name and address and, where applicable, also by its identification number and contact details
   ii. Key service features (including risks) and terms and conditions of the agreement
   iii. All costs, fees, and charges (including from third parties, particularly if related to the use of a payment instrument) that arise or may arise from the agreement, when they can be applied, and how they are calculated
   iv. How and when the terms and conditions may be altered unilaterally by the PSP, and if, how, and when the consumer will be warned about changes to the agreement (see B7)
   v. Key rights and responsibilities of the consumer
   vi. Penalties and any other remedies the PSP may seek to impose in the event of a perceived breach of the agreement by the consumer
   vii. How disputes with the PSP can be solved, with contact and process information about internal and
external dispute resolution mechanisms available (see E1 and E2)
   viii. A summary of procedures in the event of suspicious, unauthorized, or mistaken transactions, fraud, system malfunctions, or lost or stolen payment instruments and/or authentication information, including contact information, relevant fees and charges, and the parties’ liability in such cases
   ix. Any transaction restrictions (such as limits on the value of daily transactions or number of withdrawals per month) and balance limits
b. The PSP should provide a printed or electronic copy of the final agreement containing at least the information listed in clause B3(a) to the consumer at signing.
c. In addition to the information listed in clause B3(a), the regulatory framework should require specific disclosures in product or service agreements according to the type of product or service being contracted.
d. If applicable, a COC to which the PSP underwrites should be provided or made available by the PSP to the consumer at signing of the agreement.
e. Before placing an order for an individual payment transaction, a PSP should inform a consumer in writing (including electronic format) about the following items. Such information should be provided at the first instance, with the option to review again before subsequent transactions.
   i. Unique information necessary to be provided by the consumer for proper use of the payment instrument concerned (for example, the sender’s details, an account number, a telephone number that identifies an e-money or other mobile-based account, PINs/passwords, recipient details, and so forth)
   ii. Information about time limits relevant for execution of the transaction (including internal, external, debit, and credit transactions), and the point of time from which the time limits count, including the instant of finality and irrevocability of the order
   iii. All fees and charges charged by the PSP to the consumer and, where applicable, fees imposed by third parties
   iv. The applicable exchange rate
f. Separate from the disclosure of terms and conditions for a product or service, a PSP should make consumer guidebooks or similar guidelines available—free of charge on the PSP’s website, via other electronic channels where feasible, at branches and agent’s outlets, and on request—that cover, at a minimum, the following:
   i. The proper usage of electronic devices used for making transactions and access codes
   ii. Security risks involved with devices and abuse of access codes (for example, malware, identity theft)
   iii. Details of the required security measures to be followed by the consumer
   iv. Circumstances in which the consumer will be liable for losses (such as certain unauthorized and mistaken transactions)
   v. Contact details to notify the PSP of any lost or stolen payment instrument or access code, or unauthorized transaction (for example, a customer service hotline)
Explanatory Notes
General principles
Effective disclosure and transparency not only promote greater use of cost-effective payment instruments, but also promote consumer confidence and trust in those instruments and related products. PSPs should always be transparent in stating actual fees and use methods of disclosure that make it easy for the user to compare products and services.25 However, consumers of retail payment instruments and services often are not certain about the real cost of a particular payment instrument. When they rightly or wrongly attribute a higher-than-expected cost to the payment instrument, they tend to reduce its usage.
Lack of full understanding is due in part to the complexity of pricing. Retail payments often involve using another financial service, such as a current account, which could have various levels and types of fees (for example, periodic maintenance fees), and even ancillary services not directly related to the payment function, such as life or non-life insurance coverage, that might result in costs to the consumer. Payment instruments also often involve an element of subscription. For example, to pay using a credit transfer, payers need to sign up for that specific service even though they may already have bank accounts. With respect to costs directly associated with the payment service, consumers might incur different per-transaction fees26 or may be rewarded for using the financial product and/or associated payment instruments. These additional services and benefits could have a specific price, though a bundled price structure is most often created. All of these scenarios illustrate the difficulties consumers face in determining the unitary cost of their payment services.
Good practice requirements for disclosing terms and conditions of payment services will vary based on whether it is an ad hoc transaction (such as a remittance) or a contract-based relationship on which payment services are provided repeatedly (for example, a mobile money account). Further, specific disclosure requirements are needed for specific services and for suspicious, mistaken, unauthorized, or fraudulent transactions. (See below.) Different types of users of a retail payments service (for example, a payer versus a payee) will require different types of disclosure. Different disclosure requirements may also need to be applied to different types of PSPs (for example, a payer’s PSP versus a payee’s PSP).
Specific disclosures for transaction accounts
The requirements for transaction accounts are similar to the requirements listed in B3 in chapter 1, “Deposit and Credit Products and Services.” Specifically, before entering into a contract for payment, current, savings, or prepaid/e-money accounts, the PSP should, in addition to the information listed in B3(a), above, inform the consumer of the following:
• Charges or fees for account opening or minimum balances
• Account maintenance fees
• Applicable interest yield
• Ability to check account balance
• Responsibility of the consumer to keep their personal information confidential, including PINs and passwords linked to the account
• Whether an overdraft facility is included, and the fees and costs in case this facility is used
• Where applicable, charges for issuing and clearing a check, and whether charges vary according to the value of the check
• Where applicable, consequences and costs to the consumer of drawing a check/processing of a direct debit instruction with insufficient funds
• Procedures to countermand or stop a payment on a check/processing of a direct debit instruction/mandate
use of the specific payment instrument (for example, specific software needed)
• Rights of the consumer to disable a payment instrument
• Summary of procedures in the event of lost or forgotten information necessary for the authorized usage of the payment instrument (such as a login, password, or PIN), or lost payment instrument, including contact information, and applicable fees and charges
• Expiration date of the payment instrument, if any
• Basis for calculating the exchange rate applied to each transaction in the case of a payment instrument that can be used in foreign countries
Direct debit and direct credit transfers
With respect to direct credit transfers, the consumer (payer) needs to receive confirmation of the receipt of the payment request, confirmation that it will be processed as per a defined timeline, and notification if there are any problems.
The consumer also needs information pertain- issued by a consumer ing to when the payee would be paid, the exact amount • Duration of the contract (particularly if a prepaid that will be paid to the payee, and the process for address- account has an expiration date), procedures and fees ing any delays in processing the payment request. In (if any) for closing the account, and the ability to with- many systems, the consumer increasingly has a choice of draw the remaining balance receiving confirmations through various channels. In the absence of a confirmation being received, the consumer • The rights of the PSP to unilaterally close the account would have to use other less convenient means, such as • What constitutes an inactive account and the rights of contacting the payee to confirm receipt of payments. the PSP if the account becomes inactive, including In direct debit transfers, the consumer (payer) should applicable charges receive both a confirmation that an attempt would be made to collect the payment from his/her account on a • Any guarantee schemes covering the payment service specified date and also the status of the debit. or the absence thereof Specific disclosure for remittance agreements Specific disclosures for underlying payment instruments A remittance agreement requires many specific disclo- In addition to the aforementioned disclosure of terms and sures as well. 
The PSP and the underlying agreement conditions for transaction accounts and specific individual should inform a consumer of the following: payment orders, PSPs should also make the following • Total amount in an originating currency that will be specific disclosures for the continuous usage of certain paid by a sender underlying payment instruments (for example, EFTs; cards, including virtual cards; and e-money):27 • Total amount in a disbursing currency that will be paid to a receiver • Limits and restrictions in the usage of the instrument (for example, transaction limits, whether it works • Fees paid by both the sender and the receiver (and any nationwide, and so forth) relevant costs, such as taxes) and the exchange rate • Responsibility for securing personal information such • Time within which the remittance will be available for as passwords and PINs related to the payment instru- the receiver ment and the obligation to protect the security of the • Whether the above varies according to how the payment instrument receiver is paid or how much information the sender is • Instructions on how to use the payment instrument (for able to provide about the receiver example, how to make a payment order), including • What documentary proof the recipient is required to technical requirements in the case they are relevant for provide Annex A: Retail Payment Services   189 • Whether and how the PSP will inform the receiver actions that can be performed, and information on how to when the funds are available make a complaint (Article 4). 
In Hong Kong, Article 40 of the Banking Code of Conduct provides that institutions • Responsibility for securing personal information, such should make readily available to customers general infor- as passwords and PINs, related to the payment instru- mation relating to the use of e-banking services, including ment, and the obligation to protect the security of the information regarding (a) the customer’s liability for unau- payment instrument thorized transactions; (b) all fees and charges that will • Points in a receiving country where the remittance can apply to the e-banking service; (c) relevant statement(s) in be disbursed relation to protection of customers’ personal data; (d) cus- • Ability (if any) of the sender to revoke the transfer after tomer obligations in relation to security for the e-banking it has been paid for service, including observing in a timely manner the rele- vant security measures specified from time to time by the • Procedures for error resolution in case the transfer fails, institutions for the protection of customers; and (e) the and the contact information for the PSP in the sending means for reporting security incidents or complaints. Sec- and the receiving countries tion 14 of the Reserve Bank of India’s Prepaid Instruments For example, chapter B of the Australian ePayments Code Guidelines covers issues related to disclosure and redress requires institutions to disclose terms and conditions, mechanisms. It notes that “all pre-paid payment instru- ATM fees, and information about changes to terms and ment issuers shall disclose all important terms and condi- conditions (such as fee increases). 
Institutions are also tions in clear and simple language (preferably in English, required to disclose any fees or charges for issuing or Hindi and the local language) comprehensible to the replacing devices or passwords, fees and charges for holders while issuing the instruments” and further speci- transactions, limits on transactions, a description of trans- fies what items need to be disclosed. B4: KEY FACTS STATEMENTS a. A PSP should be required to produce key facts statements (KFSs) for major retail payment services on offer that summarize the main characteristics of the retail payment service. b. To increase effectiveness of disclosure, the regulator should set minimum standards for KFSs, including the following: Being concise and effectively written in plain, easy-to-understand language i. Standardized formula for disclosure of all-inclusive total cost or return ii. Standardized formats deemed to be the most effective for a particular service and the average target iii. clientele Standardized content, including at least iv. 1. The identity and regulatory status of the PSP; 2. The identity of the agent (if applicable); 3. Key product features, including specific mechanisms used for authentication and identification and risks; 4. Potential consequences and penalties if consumers fail to meet their obligations in the contract; and 5. Key contacts for the PSP’s complaints handling service as well as for an external dispute resolution mechanism (if any). c. KFSs should be signed by the consumer and given prominent placement when attached to the agreement. d. PSPs should be required to provide and explain KFSs through convenient channels, including at least the channel through which the particular service is provided. e. PSPs should be required to retain copies of KFSs signed by the consumer for a reasonable number of years. 
Explanatory Notes
See the explanatory notes for B4 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services as well.
As an example, the EU Directive 2014/92/EU from 2014, the Payment Accounts Directive, requires member states to ensure that during the pre-contractual stage, PSPs give a “fee information document” to consumers on paper or another durable medium containing the standardized terms in the final list of the most representative services linked to a payment account. Among other requirements, this document should be short, clear, and easy to understand and contain the title “fee information document.”28 In line with the requirement included in the EU directive, the European Banking Authority has developed a standardized “fee information document” that all PSPs in the member states need to make available to consumers.29 This document is intended to aid both comprehension and comparability. KFSs are also a good means to highlight key information to consumers in simple language and in local languages.30
In the case of retail payment services, KFSs should highlight the potential consequences when consumers fail to meet their obligations. For example, if consumers do not take reasonable steps to protect their authorization code, it may be difficult to recover money from fraudulent transactions. Or if consumers do not report an unauthorized transaction within a certain time period after becoming aware of it (such period should be clearly disclosed), they may not be able to recover the funds.

B5: TRANSACTION RECEIPTS
a. Unless agreed otherwise, a PSP should be required to provide to a consumer a receipt in writing (including electronically) for any transaction executed by the PSP on the consumer’s account (for both debit and credit transactions) at the time when
   i. The transaction order is placed by the payer to confirm that the specific order has been placed;
   ii. The transaction order/initiation is received by the PSP to confirm that the specific transaction order/initiation has been received; and
   iii. The transaction is executed.
b. After a transaction is executed, both the payer’s and the payee’s PSP should issue a receipt that includes, at a minimum
   i. The PSP’s name, address, and licensing/registration number, if one has been assigned;
   ii. In cases where an agent has been involved, its details;
   iii. The amount, date, time, and nature of each transaction;
   iv. The transaction reference number;
   v. All fees and charges for the transaction, on an itemized basis;
   vi. Details of the relevant counterparty (payer or payee);
   vii. The exchange rate, where relevant; and
   viii. Identification details of the instrument and/or device used to perform the transaction.
c. Notwithstanding clause B5(b), the transaction receipt should not allow a third party to identify the consumer.

Explanatory Notes
Given the prevalence of electronic payments, transaction receipts are crucial, as they often present the only evidence readily available to consumers that proves their transactions. While PSPs usually carefully document transactions on their customers’ accounts, such records may not be available to consumers. These receipts may serve not only for consumers’ personal records, but also in disputes with PSPs, merchants, or other consumers (payers/payees). If not immediately available at the time a transaction order is placed, an order/initiative is received, or a transaction is executed, receipts should be provided within a reasonably brief time period thereafter, in accordance with general good practice in the industry.
Examples of such requirements can be found in the European Union, where Article 64 of Directive 2015/2366, the revised Payment Systems Directive of 2015 (PSD2), states that PSPs should be required to provide a receipt for payments either at the time the payment is transmitted or when it is received by the payee.31 In Uganda, customers should immediately receive written confirmation of the execution of a transaction, including the fee charged.32 The Central Bank of West African States requires that for every e-money transaction, a receipt needs to be given to the client, indicating the transaction number, the type of transaction, the name of the e-money issuer, the identity of the sender and receiver, the amount of the transfer, and transaction fees.33 In Australia, Article 5 of the ePayments Code requires subscribers to take “reasonable steps” to offer users a receipt for all transactions at the time of the transaction. The code goes on to note that this requirement does not apply in certain cases, such as with respect to low-value facilities or direct debit arrangements, where transactions are clearly identifiable on a statement. In the case of low-value facilities, the subscriber must give consumers other means to check transaction histories.34

B6: STATEMENTS
a. A PSP should issue and provide a consumer, free of charge, periodic statements of every account the PSP operates for the consumer for which a balance can remain on the account.
b. PSPs should be required to provide the consumer with a closing statement when an agreement is terminated or concluded.
c. The PSPs should preferably make statements available using at least the channel through which the payment facility was sold (that is, aligned to the manner in which the agreement was initially signed).
d. The frequency with which statements are provided should be commensurate with the type of service and its term, in particular to allow customers to become aware of any unauthorized transactions.
e. In general, statements for transaction accounts, with regard to the period covered, and depending on the type of product, (i) list the opening and closing balances and any repayment made in the period; (ii) list all transactions in the period; (iii) indicate the counterpart of each transaction (for example, a retail establishment where a credit/debit card purchase was made); (iv) provide details of the interest rate applied to the account; (v) provide details of the fees, exchange rate and other charges incurred by the customer in each transaction; and (vi) indicate any changes applied to the interest rates or fees. (See B7.)
f. Statements should also generally inform the consumer regarding
   i. The regulatory status of the PSP and contact number for its customer service and complaints handling mechanism; and
   ii. Contact information for the external dispute resolution mechanism.
g. Regulation should impose specific requirements for statements linked to the most commonly used retail payment services, which may include standardization of minimum content, format, and terminology, as well as frequency, timing, and manner of delivery.
h. For certain accounts such as prepaid cards and other e-money services, in lieu of a regular statement, PSPs should have the option of providing consumers with easy access to check the account balance and transaction history.

Explanatory Notes
See the explanatory notes for B5 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services as well.
For retail payment services, requirements regarding the regular provision of statements should be calibrated to the complexity of the payment service in question. Issuing statements represents a non-trivial cost to PSPs, and there is often an attempt to reduce the frequency and issue statements only when there is some activity.35
Exemptions or more flexible approaches to the provision of statements may be warranted for certain prepaid product categories, such as prepaid cards and e-money wallets, with a greater emphasis on providing easy access to check account balances instead. In some cases, PSPs do not issue statements for e-money products and basic bank accounts. In these cases, the customer might be notified for every transaction and offered some form of a limited statement—for example, an electronic summary of the last five transactions conducted, with additional information available upon request and also through automated interactive voice-recording mechanisms. For example, in Uganda, mobile money service providers are obliged to provide in writing the balance remaining in the customer’s mobile wallet, as well as a statement on previous transactions, including hard copies if requested by customers.36 Article 7 of the ePayments Code in Australia requires subscribers to give statements of transactions to consumers, though it includes an exception for low-value facilities, where subscribers alternatively must give consumers a process for checking the balance of their facility and their transaction history.

BOX 5
Statements for Mobile Money Accounts?
Mobile money—a transaction account opened and managed exclusively through mobile phones and mobile money agents—allows the account holder to make several types of debits and credits to the account. Despite its popularity in many developing countries, in particular in East Africa, South Asia, and some Pacific Islands, and despite usually providing free account balance enquiries, mobile money usually does not provide consumers with periodic account statements where they can check the current account balance, all transactions conducted, and fees charged, as well as the existence of any charges related to other products attached to the account, such as mobile insurance and small loans.
Regulators should be careful to avoid excessive or inappropriate requirements for statements for products delivered electronically, which may have unintended negative impacts on financial inclusion. However, at a minimum, it should be easy for mobile money account holders to access, through their mobile phone, account balances and information about transactions performed in their mobile money accounts going back a certain time period (aligned with requirements for digital recordkeeping).

B7: NOTIFICATION OF CHANGES IN RATES, TERMS, AND CONDITIONS
a. A PSP should be required to notify its consumers, at least in writing (including in electronic form) and also orally or through other channels or means if deemed necessary, prior to any change in
   i. Any fees charged to the consumer (for example, transaction fees, or overdraft fees); and
   ii. Any other key product feature or previously agreed term or condition (such as procedures for cancellation, liability, or contact information for notification of unauthorized transactions).
b. A PSP should notify consumers in case their transaction accounts have become inactive or dormant, and state the related consequences, including applicable charges. The notice should be given within a reasonable period in advance of the effective date of the change.
c. The nature and extent of the change, particularly its potential impact on the customer, should dictate the required format and the length of the notice, and whether personalized, individual notification to a customer is required.
d. If the revised terms are not acceptable to the customer and were not foreseen in the customer’s original agreement, the regulatory framework should guarantee the customer’s right to exit the agreement without penalty, provided that such right is exercised within a reasonable period, as established in the original agreement.
e. Along with the notice of the change, PSPs should inform customers of their foregoing rights and how they can be exercised.

Explanatory Notes
See the explanatory notes for B6 in chapter 1, “Deposit and Credit Products and Services.”
With regard to transaction accounts, it is particularly important that PSPs have policies establishing when accounts are considered dormant and how this should be dealt with, including giving notice to customers.37

C: FAIR TREATMENT AND BUSINESS CONDUCT

C1: UNFAIR TERMS AND CONDITIONS
a. A PSP should be prohibited from using any term or condition in a consumer agreement that is unfair. If used, such terms and conditions should be considered void and legally unenforceable.
b. Except where expressly permitted by law, in any agreement with a consumer, a term should be deemed to be unfair if it excludes or restricts any legal requirement on the part of a PSP to act with skill, care, diligence, or professionalism in line with industry best practices toward the consumer in connection with the provision of any product or service and/or any liability for failing to do so.
c. Product regulation and rules pertaining to product suitability should also play a role in shaping terms and conditions that are not harmful to consumers, in a balanced and flexible fashion that allows for innovation.
Explanatory Notes
The terms and conditions of service provision are typically documented in some form of an agreement between a consumer and its PSP. The terms and conditions need to be fair and to bind the PSP to good business conduct. For example, a term should be deemed to be unfair if it effectively deprives a consumer of access to justice in the case of a dispute with a PSP.
In some jurisdictions, PSPs are required to submit these terms and conditions to the authority for review or for information. The authority is then empowered to require the PSP to make changes to uphold consumers’ interests and also to ensure the safety and efficiency of the national payment system. For example, Bank Negara Malaysia (BNM) has several powers in relation to the specific terms and conditions of a product. In fact, not only do payment instruments have to be approved by BNM, but BNM may also require a PSP to make modifications to a payment instrument or any document related to it for various reasons, including in the interests of the public.38
Over time, supervisors and regulators have discovered and addressed several critical issues with respect to transaction accounts. This often has involved aspects related to closing fees (the fee levied to close an account) and maintenance fees (the fees for keeping an account in operation). In cases where the customers have not fully understood these fees, they may be surprised to find that their account balances have been depleted and that they are unable to recover the full balance when they close their accounts. These fees by themselves are not abusive unless they limit customer mobility (see also C3), as at times these are integral to the way the payment product is designed and necessary to make the business model work. However, it is important to ensure that customers are fully aware of these fees not only up front but also when such fees are being incurred. (See also B3 and B7.)

C2: UNFAIR PRACTICES
a. At all stages of the relationship, a PSP should be required to treat consumers fairly.
b. PSPs should be required to consider the outcome for consumers of their products, services, procedures, strategies, and practices, to ensure compliance with clause C2(a).
c. A PSP should be prohibited from, and held legally accountable for, employing any practice that could be considered unfair.
d. The regulatory framework should also prohibit specific unfair practices related to particular retail payment products and services.
e. Bundling and tying practices should not be permitted when such practices unduly limit consumer choice or hinder competition.

Explanatory Notes
Unfair, deceptive, or abusive acts and practices should be prohibited. These might include discrimination, violation of the consumer’s right of privacy, or participation in corruption or kickbacks. In addition to blatantly abusive conduct, other behaviors might lead to unjust treatment of a customer.
Regarding transaction accounts:
• A PSP should be prohibited from charging maintenance fees on accounts that have reached zero or have a negative balance for an unreasonably prolonged period.
• A PSP should be prohibited from imposing fees and charges related to unsolicited automatic overdraft facilities.
Regarding credit cards and other payment cards:
• PSPs should be prohibited from sending an unsolicited pre-approved credit card, debit card, or prepaid card to a current or potential consumer and charging the consumer any fees related to the card that have not been accepted by the consumer.
• PSPs should be prohibited from charging up-front fees on sub-prime credit cards/overdraft products issued to individuals with bad credit histories.
Regarding money remittances, unless the service exclusively consists of account-to-account services, a PSP should be prohibited from
• Requiring a prospective consumer to use the services in order to be given cost information about a specific transfer; and
• Requiring a consumer to open an account simply in order to effect the transfer.
With respect to dormancy, banks and other PSPs increasingly face a per-account maintenance cost regardless of whether the account is active or not. In addition, in some jurisdictions, banks and PSPs are required to maintain the account for a particular period of time, even when the account is dormant. This can result in banks and other PSPs charging customers even when accounts are dormant and sometimes levying fees over a period, resulting in the remaining balance being consumed and, in some cases, even going negative.
In such cases, authorities should consider rules governing fees charged for dormant accounts in order to balance the negative impact on banks and PSPs with the impact on customers. In several jurisdictions, banks and PSPs are required to effectively disclose their rules and policies around this matter and to provide customers adequate notice. In addition, PSPs could be required to change the status of such accounts after a pre-announced period of inactivity and charge reasonable fees for reinstating an account. Accounts with inactivity beyond a particular period of time could be closed permanently.
For example, all prepaid payment instrument issuers in India are required to disclose all important terms and conditions in clear and simple language, including (i) all charges and fees associated with the use of the instrument and (ii) the expiration period and the terms and conditions pertaining to expiration of the instrument.39 Additionally, given that pre-paid instruments expire, issuers are required to warn the holders at reasonable intervals during the 30-day period prior to expiration of the validity period before forfeiting outstanding balances. This requirement helps to remind consumers of the existence of prepaid accounts that they may have forgotten or have otherwise left dormant with unused balances.
In many instances, the bundling of retail payment services with other financial services (such as current accounts) is done as a means to achieve efficiencies. For example, banks often encourage customers to subscribe to debit cards to increase use of electronic transactions, rather than services rendered at bank branches, which are more costly to banks. These are situations in which there is usually a link between the two products sold. However, at other times, bundling can be sought purely as a profit-making tool, such as when credit or debit cards are pushed onto consumers applying for a loan. In this situation, the two products are not directly linked, and tying implies raising the risks to consumers. Authorities should try to differentiate between bundling practices that are standard and reasonable and those that are unfair.
If the acquisition of a product from a PSP requires a consumer to purchase a legitimate subsidiary product or service, the consumer should be granted the right to choose the provider of the subsidiary product (where feasible) and informed of this right in writing before the acquisition takes place.

C3: CUSTOMER MOBILITY
a. PSPs should be prohibited from unduly limiting a customer’s ability to cancel or transfer a product or service to another provider, on the customer’s reasonable notice.
b. PSPs should be required to provide comprehensive information about its cancellation and portability procedures to consumers, including when products and services are delivered through agents or digital channels.
c. PSPs should only be allowed to charge reasonable cancellation fees and only where such fees are set out in the consumer agreement, which should also contain its method of calculation.
Explanatory Notes
PSPs generally try to make their products sticky—that is, they encourage customers to continue using their services and, at times, make it difficult for customers to move to other PSPs. For example, PSPs invest significant efforts to make their customers use services such as direct debit, standing instructions, and bill payments, and they offer reward programs to increase customer loyalty. These efforts of PSPs are not against consumer interests by their basic nature, but PSPs should enable customers to terminate these arrangements in a quick and efficient way.
For example, when debit orders are used for recurring payments, payers should be able to cancel with reasonable ease the general mandate they gave to the payee to charge their account for the service. The ability to easily cancel a recurring payment instruction for a designated future date is also an important consumer protection feature. In addition, regulators should consider approaches to enable easily shifting arrangements like mandates for direct debits from one PSP to another.
One approach that is gathering some attention is the account number portability initiative in the European Union. The EU Payment Accounts Directive of 2014 states that member states must make sure that PSPs allow for a switching service between payment accounts held in the same currency to any consumer who opens or holds a payment account with another PSP within the same member state.40 The directive further provides details on how the switching service should function (for example, payments should be processed upon receipt of the authorization) and what information should be provided to consumers in relation to switching services.

C4: COMPLIANCE AND PROFESSIONAL COMPETENCE
a. A PSP should be required to ensure that all relevant staff members and third parties acting on its behalf meet competency requirements, including familiarity with the products and services sold to consumers and financial consumer protection principles and rules.
b. A PSP’s board of directors should bear ultimate responsibility for ensuring effective implementation of training and competency requirements, and there should be an established system to ensure the board of directors is adequately informed and able to take corrective action when needed.

Explanatory Notes
See the explanatory notes for C6 in chapter 1, “Deposit and Credit Products and Services.”

C5: COMPETITION AND INTEROPERABILITY
a. A PSP should be prohibited from engaging in anti-competitive practices.
b. Financial sector regulators, payment system overseers, and competition authorities should consult with each other for the purpose of developing, applying, and enforcing consistent policies in relation to the regulation of providers of payment services. In particular, cooperation could concern the following:
   i. Monitoring competition in relevant markets
   ii. Conducting and publishing periodic assessments of competition in relevant markets
   iii. Making recommendations publicly available on enhancing competition in relevant markets
   iv. Encouraging the use of online tools for comparing price and other terms and conditions in relevant markets, and monitoring such use
   v. Encouraging interoperability
c. PSOs should be required to institute fair, transparent, and risk-based participation requirements enabling a wide variety of PSPs to access their services and enable interoperability.
d. A PSP should be encouraged to avoid exclusivity agreements with agents and merchants in a way that unduly limits the use of the agent network and infrastructure by other financial service providers.
Explanatory Notes

With respect to payment services, several competition aspects arise at the relevant payment system and overall national payment system levels. For a complete discussion on this topic, see the 2008 World Bank publication Balancing Cooperation and Competition in Retail Payment Systems: Lessons from Latin America Case Studies and the 2012 World Bank publication “Developing a Comprehensive National Retail Payments Strategy: Consultative Report.” In this annex, the focus is on specific aspects at the PSP level.

Interoperability

In general, fostering interoperability is a key policy action of payment system overseers. This stems from the positive impact interoperability has on efficiency for the overall national payment system and also for consumers. Achieving interoperability requires several different elements to be in place: an effective payment system infrastructure in which interested PSPs can participate; appropriate pricing and business rules, to make it commercially viable for the participants to participate; and effective oversight arrangements, to ensure that the payment system infrastructure remains safe, reliable, and efficient.

In the context of retail payment services, interoperability is often discussed regarding payment card systems. However, it is also relevant for EFT-based products—for example, co-existence of two or more automated clearinghouses (ACHs) for the same payment instruments that offer the same or very similar services to their respective participants.41 There is also the case of infrastructure-level interoperability, whereby the same infrastructure can be used to support multiple payment mechanisms. This is especially relevant for innovative payment products, since without some basic interoperability with more traditional payment instruments and systems, their acceptance and/or usefulness for consumers might be very limited.

Access to payment systems

It has been a long-standing best practice advocated by payment system overseers to require payment systems to have a fair, transparent, and risk-based access criteria. This best practice has been in place in several international standards, including the CPMI Core Principles for Systemically Important Payment Systems, issued in 2001, and the CPMI-IOSCO Principles for Financial Markets Infrastructures, issued in 2012. While these standards are generally considered applicable only for systemically important payment systems, the specific principles have been widely adopted for retail payment systems as well and have also been included in payment systems–related legislation in several jurisdictions.

For example, the PSD2 requires member states to ensure that the rules on access for authorized or registered PSPs are objective, non-discriminatory, and proportionate, and that they do not inhibit access more than is necessary to safeguard against specific risks, such as settlement risk, operational risk, and business risk, and to protect the financial and operational stability of the payment system.42 In Bangladesh, regulation specifies that banks may link their mobile financial services with those of other banks for the convenience of users and that their mobile account may be linked with a customer’s bank account (if any).43 In Jamaica, regulation requires that arrangements to ensure interoperability should be adequate.44

Agent exclusivity

The participation of a PSP in an interoperability arrangement by itself does not address all anti-competitive aspects. There is the additional aspect of the contractual restrictions that PSPs can potentially place on their agents, merchants, and other service providers, restricting them from entering into similar service provision arrangements with other PSPs. The 2007 CPMI-World Bank General Principles for International Remittances discusses the negative impacts of agent exclusivity arrangements on the remittances market. This discussion is directly relevant also for agents often used in the provision of e-money services. Several jurisdictions now require non-exclusivity arrangements for agents for remittances and e-money markets. For instance, to address the issue of agent exclusivity, the Reserve Bank of Zimbabwe has created a requirement in its Electronic Payment Systems Guidelines that provides: “[w]here a payment system provider requires entering into exclusive arrangements with an agent; the payment system provider shall apply to the Reserve Bank justifying why such an agreement is necessary.”45

In Bangladesh, for both mobile money and banking agents, prior approval of the agency agreement by the Bank of Bangladesh is required, and the regulation on banking agents specifies that they can be inter-operable as long as the agent ensures that there are no amalgamations, overlapping, and/or intermixing in the database of customers of different banks.46 In India, regulation permits an agent to represent more than one bank, but a retail outlet or sub-agent can only represent one bank.47

C6: AGENTS

a. A PSP should be legally liable for the actions and omissions of its agents.
b. A PSP should be required to perform appropriate due diligence before contracting with any agent or agent network manager.
c.
A PSP should be required to continuously monitor the performance of their agents, including adherence to regulatory requirements (including applicable consumer protection laws and regulations) and internal policies and procedures.
d. The agency relationship should be governed by a formal agency agreement between the agent and the PSP.
e. The authority should have legal or regulatory powers to review and require changes to agency agreements, assess the activities of agents and agent network managers, and take appropriate action upon any case of non-compliance with the consumer protection framework.

Explanatory Notes

Several e-money products and remittance services use agents. In some jurisdictions, agent-based models are also allowed for traditional bank accounts. In agent-based models, in addition to the underlying acceptance infrastructure, the agent is the main point of contact for the customer. Agents could be used to facilitate account opening in terms of collecting documentation, deposit and withdraw cash, apply for additional products and services, and finally make in-person remittances and bill payments.

In large-scale agent networks, such as that used by FINO in India and M-Pesa in Kenya,48 additional entities are involved to provide cash-management services to agents. These are often referred to as super-agents or agent network managers. The super-agents typically hold the accounts of the agents and facilitate conversion of the agents’ e-money balance to cash balance in their regular bank accounts and also, in certain cases, provide overdraft facilities to the agents. The agents in addition could also engage sub-agents.

The above model also applies to agent-based payment services using other mechanisms for transaction initiation, such as when the payer uses a smartcard at the agent’s POS terminal to initiate a range of transactions, including remittances, cash deposits, and cash withdrawals.

The increasing reliance on agents to deliver innovative retail payment mechanisms raises the policy issue of how these entities need to be overseen and supervised. Authorities can choose either to authorize such entities themselves or to impose full liability for the behavior of the agent on the principal entity for which services are provided. The former implies a direct monitoring by the central bank of agents/branches. This may be too burdensome operationally and disproportionate in respect to concrete risks. Authorities can also maintain a list of agents from which an agent can be withdrawn in cases of misconduct. Conditions could also be imposed to limit the use of agents and outsourcing to non-core activities and to ensure continuous control by the principal over the third party.

In general, in all jurisdictions, the PSP engaging the agent should be made responsible for compliance of the agent with prevailing regulatory requirements in the areas of consumer protection, AML/CFT, and other payment service provision-related aspects. Further, in line with Principle 6 of the G20 High-Level Principles on Consumer Financial Protection and the ITU-T Focus Group Digital Financial Services,49 regulation should ensure that providers are legally liable for the actions and omissions of their agents, including when agent network managers are used to select and conduct on-boarding of individual agents.

Certain elements of agent-based models vary significantly across the world. These elements include:

• Which institutions can engage agents
• Types of entities
• Registration versus licensing
• Sub-agents and tiered arrangements
• Services permitted to be provided by agents
• Remuneration model for agents
• Qualification and training for agents
• Technology and operations
• Exclusivity requirements and interoperability

The choices made with respect to these elements have a bearing on consumer protection, in particular remuneration models for agents. In general, best practice is to have the principal PSP, not the customer, pay all fees and commissions of an agent directly. The agent could, of course, collect fees for specific services on behalf of the principal.

Risk management of agents has general implications for consumer protection. For example, the following items related to risk management for PSPs have a bearing on consumer protection:

• Offering customers an independent means of verifying completion of a transaction and not requiring customers to depend on the agent giving oral information. This could be in the form of a confirmation message delivered to a customer’s phone from a pre-established number and in a pre-established format; delivery of a physical record of transaction completion; or an automated call-back from a pre-established number confirming completion of the transaction.
• Exercising adequate due diligence in signing up new agents.
• Establishing a compliance and awareness program for agents on specific issues, such as typical fraud typologies, AML/CFT, data security awareness, conveying messages on security to customers (such as the need to secure and safeguard their PINs), and so forth, and applying them rigorously through a combination of on-site audits and off-site validations.
• Establishing clear branding guidelines and educating customers about what transactions are allowed at agents and the process for the conduct of those.

C7: PROTECTION AND AVAILABILITY OF CUSTOMER FUNDS

a.
A PSP should be required to have organizational, legal, and risk-management arrangements in order to segregate or otherwise protect the assets of consumers from the assets of the PSP, for any store of value product it may offer.
b. PSPs should be required to ensure that customer funds are readily available, including by making convenient channels available for withdrawal. Specific liquidity requirements or limitations to the use of funds may be imposed for certain services, such as e-money offered by nonbank PSPs.

Explanatory Notes

Electronic payment services need an underlying account against which transactions made by the user are recorded. The nature and type of account has an important bearing on the level of protection offered to consumers. One of the innovations underlying e-money services is the use of a particular type of account created specifically for the purposes of supporting prepaid instruments. Prepaid accounts are pre-funded accounts from which funds are then drawn down through payment transactions. They are usually subject to different regulations and requirements than those applicable to regular deposit accounts. For instance, such accounts may allow simplified customer due-diligence procedures (including credit and documentation checks), easing the enrolling of customers (particularly low-income consumers). Nonbank institutions may be allowed to issue these accounts since they are usually limited in their functionalities, maximum balance, and transaction values.

Customer funds are broadly subject to two risk categories: (i) the risk of the issuer of the payment instrument or the bank holding the underlying funds going bankrupt and (ii) operational issues with the issuer’s system that could result in unauthorized access, destruction, or corruption of records of the customer’s account. For payment services based on a bank account, these risks are generally addressed as part of the overall prudential and operational requirements imposed on the bank, as well as by deposit insurance and/or other safety net arrangements. (See section F.)

Nonbank issuers or prepaid accounts might not be covered by such arrangements. In such cases, other mechanisms to mitigate risks should be imposed by regulation, such as a “ring-fencing requirement”—that is, a requirement for the PSP to deposit an amount equivalent to the total amount collected from e-money customers in one or more banks in accounts separate from the issuer’s regular business account(s). This requirement should be coupled with requirements to ensure that access to these dedicated accounts is limited to a few designated staff and closely monitored by the PSPs, to ensure the safety of the funds. An additional layer of protection can be provided by guaranteeing the customers’ legal ownership of the funds in the pooled account by establishing a trust (or similar) account that is managed on behalf of the customers either by the PSP itself or by a trustee. This arrangement protects customers against the PSP’s creditors in the case of bankruptcy.

For the above to work in the case of PSP failures, adequate mechanisms for sound recordkeeping of individual customer accounts also need to be put in place by the PSP, and information about each consumer account balance needs to be constantly updated and available. In some jurisdictions, the nonbank e-money/prepaid instrument issuer is required to communicate periodically (for example, daily) the list of underlying account holders (along with their balances) to the bank maintaining the pooled funds. The banks maintaining non-traditional bank accounts are required to record the details of such accounts on an ongoing basis in their main systems as well.

For example, in Paraguay, Article 15 of the Central Bank Regulation No. 18 of 2014 establishes that segregated funds corresponding to the total amount of funds held by e-money users must be deposited in one or more trust accounts in depository financial institutions licensed by the Central Bank of Paraguay. In Zimbabwe, Section 8.1.1 of the Reserve Bank of Zimbabwe’s Electronic Payments Guidelines provides the following requirement relating to trustees and trust accounts: “approved electronic payment service providers and participants have a direct responsibility to ensure that electronic wallet or money (e-money) balances are ring fenced through the establishment of Trust Accounts.” In the European Union, both the PSD2 (for nonbank PSPs) and the second Electronic Money Directive50 (for e-money providers) establish analogous protections.

Closely related to the issue of ring-fencing customer funds is the need for these funds to be readily available as per the provisions of the product offering. In the case of retail payment products offered by banks, there usually are well-specified requirements, such as specific banking hours, operational hours for various services, and so forth. These also need to be considered for other payment services offered by nonbank PSPs as well. Additionally, many regulations on e-money services impose liquidity requirements on the pooled account, by limiting the types of investments that can be done using pooled funds (for example, liquid or semi-liquid assets, such as low-risk government bonds).

The above measures would still leave the customer exposed to the risk of destruction of records and fraud, which would need to be addressed by requiring appropriate operational reliability and business-continuity procedures for nonbank PSPs and non-traditional bank accounts (see C10, “Operational Reliability”), as well as strong authentication and fraud-prevention requirements. (See C8, below.)

C8: AUTHORIZATION, AUTHENTICATION, AND DATA SECURITY

a.
PSPs should be required to implement minimum security requirements for transactions and account opening, particularly transactions conducted remotely through electronic channels. The regulation should be technology-agnostic by not determining the specific types of security technologies and transaction devices that should be used by PSPs.
b. PSPs should be required to use trustworthy means for client identity verification regardless of the channels used for transaction.
c. PSPs should be required to use strong authentication methods, including means for renewal of expired, compromised, or forgotten authentication details, for consumers to effect payment transactions and use payment instruments and channels, including ATMs, branches, merchants, agents, internet, mobile phones, and so forth.
d. A PSP should be required to
i. Have policies and procedures to protect consumers’ funds against internal fraud (that is, by staff, including senior management and board, or agents) and external fraud (by third parties such as hackers); and
ii. Have a governance structure, including clear policies and mechanisms to investigate and decide upon cases of staff involvement in fraud.
e. A PSP should be required to train its staff and agents to conduct verification of a consumer’s identity.
f. PSPs should be required to have mechanisms to foster awareness of security measures that consumers need to adopt to protect their payment accounts against frauds (for example, hackers), including authentication methods.

Explanatory Notes

Authentication and authorization

Payment initiation and access to sensitive data should be secured by strong customer authentication, which may include a procedure based on the use of two or more authentication elements. Ideally, at least one of the elements should be non-reusable and non-replicable, and the two elements should not rely on the same media. (For example, both should not be stored or generated by one device, in order to minimize the risk if the device is accessed by a non-eligible party.) All payment transactions need to be authorized in the manner agreed between a consumer and a PSP.

PSPs (including banks) should be required to institute graded authorization51 requirements based on the strength of customer authentication, the nature of the transaction,52 transaction attributes, and other contextual information.53 For example, technical standards in this area have been adopted in the European Union under the PSD2.54

With respect to contextual information, different authentication mechanisms could be envisioned for different types of customers. For certain transactions of corporate customers, more sophisticated authentication/authorization mechanisms could be used, such as the ability to assess the risk profile of a transaction on the fly and multi-level approval. (That is, one transaction needs to be approved by several people.) For retail customers, PSPs may impose maximum transaction limits and, in turn, use simpler authentication mechanisms, such as through a one-time password/PIN sent to a customer’s registered mobile phone.

Prevention of fraud

Even in the presence of authentication mechanisms, fraud can still happen, both internally and externally. A PSP should be required to have policies and procedures to prevent, detect, and deal with external and internal frauds, including a governance structure and clear policies to investigate and decide upon cases of staff involvement in fraud. Transaction monitoring is one element that should complement authentication mechanisms to prevent, detect, and block fraudulent payment transactions as part of a broader risk-management framework at PSPs.

Specific minimum standards in this area that could be integrated in a country’s regulatory framework include the following:

• Requiring express customer consent for enrollment in specific services like Internet banking, mobile banking, and debit cards
• Robust activation procedures for each of these services, potentially requiring an interaction with the customer through one of his or her registered phone numbers
• Requiring PSPs/PSOs to have an internal board-approved risk-management procedure for electronic payment mechanisms that should also include, in particular, ongoing fraud risk monitoring, having a specialized team to manage all these tasks, and an external review by an accredited information technology security auditor at least once a year or upon substantial changes
• Requiring all outsourced operations that involve sensitive account or personal information of customers to be subject to same stringent requirements as for internal systems
• Specifying minimum authentication requirements (for example, two-factor authentication)
• Requiring banks, PSOs, and PSPs to institute mechanisms to allow their participants and customers to report fraud and, in the case of PSOs, to institute mechanisms for transmitting the fraud information to other involved participants and mechanisms for monitoring the reported fraud and incorporating this analysis in their ongoing risk assessments
• Requiring banks, PSOs, and PSPs to report all frauds to PSOs and other relevant authorities and establishing ongoing monitoring of fraud trends as part of the oversight activities of the authorities
• Requiring all transactions to be authorized by both the user and the issuer of the payment product
• Submitting information technology security audit reports to the relevant authorities, and the authorities also conducting their own audits, if needed
• Adopting specific standards, such as ISO 270001 for all PSOs and PSPs, as well as Payment Card Industry Data Security Standards for card networks.

Storing of customers’ information

Electronic payment transactions are underpinned by the creation and distribution of a set of data elements like PINs, the exchange of confidential information between the payer and payee, which could potentially flow through various entities, and the storage of a set of data elements.55 The fundamental principle should be that only the necessary set of data elements should be exchanged and stored, and when exchanged or stored, information that can be directly used for conducting a fraudulent transaction or that can be re-purposed for conducting fraudulent transactions should be encrypted using a mechanism that achieves the best balance between transaction efficiency and safety considerations.

For example, in China, the Administrative Measures for Non-Bank Online Payment of 2015 require nonbank PSPs to take effective protective measures for the security of their clients’ personal information and to adopt risk-control systems. The measures restrict the storage of clients’ sensitive information, such as track information or chip information of their clients’ bank cards, their verification codes, or passwords. In principle, PSPs are not allowed to store the effective term of the bank cards, unless they are stored for special business needs or pursuant to authorization by the clients and the banks opening the bank cards. Further, this information must be encrypted prior to storage. PSPs are required to sign agreements with merchants prohibiting them from storing sensitive information of their clients and to adopt supervisory measures, such as periodic checks and technical monitoring. If the merchants store sensitive information in violation of the agreement, the PSPs are required to promptly suspend or terminate their provision of online payment services for these merchants and to adopt effective measures to delete the sensitive information and to prevent disclosure of it. The PSPs may also be liable for losses and liabilities caused by the disclosure of relevant information.

Consumer guidelines

With respect to engaging consumers in protecting their payment accounts, PSPs should be required to inform consumers about their obligations to protect their accounts and conduct transactions in a safe manner. PSPs should strive to provide clear and easy-to-understand information and the necessary tools and procedures for customers to exercise care in handling sensitive information (such as PINs), monitor their accounts regularly, and inform the PSP in a time-bound manner whenever they detect any problems. Good practices include providing detailed up-to-date information on common fraud patterns, such as phishing, and information on tools, such as anti-virus software.

This section draws inputs from the Assessment Guide for the Security of Internet Payments developed by the European Forum on the Security of Retail Payments56 and published by the European Central Bank in February 2014,57 as well as the various guidances on authentication standards published by the Federal Financial Institutions Examination Council.58

C9: UNAUTHORIZED AND MISTAKEN TRANSACTIONS AND LIABILITY FOR LOSS

a.
PSPs should be required to effectively disclose to consumers the situations constituting fraud or unauthorized or mistaken transactions; a consumer’s obligations in such situations; and limitations to consumer liability for losses in such situations.
b. In principle, PSPs should be held legally liable for breaches in data security that result in losses for a consumer.
c. A consumer’s liability for losses from unauthorized transactions should be limited to a maximum amount specified by law, except in cases of consumer fraud or gross negligence.
d. PSPs should be required to provide evidence that the conditions for the consumer’s liability for loss have been met.
e. A PSP should be required to provide timely and necessary assistance to consumers to recover mistakenly transferred funds.
f. PSPs should be required to have clear procedures to deal with security breaches and supposedly unauthorized transactions, including mechanisms to reimburse or compensate the consumer for losses.

Explanatory Notes

The use of electronic means might generate mistakes or mismatches of data. In particular, in the case of EFTs, errors in the information provided about the recipient and the payment itself might result in either a misdirected payment or wrong processing of the payment.

In the case of EFTs, and in particular in the case of debit transfers, erroneous execution, an inadequate balance in the account due to some other unexpected payout from the account, and other operational issues could result in the payment being unsuccessful. The impact of such an unsuccessful payment could reach beyond the underlying transaction. For example, delays in paying a telephone bill could result in the suspension of phone service.

PSPs should be required to take steps to minimize the likelihood of errors and have clear processes for resolving such errors, and all other situations should be adequately prevented and rapidly corrected.59 For example, the ITU-T Focus Group Digital Financial Services states that PSPs should have in place transaction authentication procedures to minimize mistakes, as well as procedures, including specialized and adequately trained staff, to solve such errors and provide guidance to consumers.60

In addition, a clear mechanism for allocating responsibilities should be in place. To this end, the tendency has been to allocate liability to the stakeholder that would be in the best position to avoid the wrongdoing, and a focus on the duty of the PSP to put a safety system in place that is able to detect mistakes. Moreover, in order to favor the use of electronic payments, the tendency has been to keep consumers free from liability under certain amounts or if they correctly and promptly report the wrongdoing. For example, PSD2 establishes that, except in cases of fraud or gross negligence by the consumer, the maximum amount that a consumer can be obliged to pay in the case of an unauthorized payment transaction is €50.

C10: OPERATIONAL RELIABILITY

a. A PSP should be required to maintain reasonable technical measures in line with industry best practices, including a documented and audited business continuity plan, to protect the personal information and funds of consumers and to ensure continuous availability of the services.
b. A consumer should be given reasonable notice of any proposed system shutdowns.

Explanatory Notes

Operational reliability is a very important requirement to protect the information of consumers as well as their funds and to allow for continuous service. Most payment system laws and regulation touch upon this. For instance, in Jamaica, issuers are required to have measures in place to ensure the safety, security, and operational reliability of the retail payment service, including contingency arrangements and disaster control procedures, to be applied to all relevant systems, whether internal or outsourced, including systems and platforms.61 The PSD2 asks member states to ensure that PSPs establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks relating to the payment services they provide.62 It provides clear rules on authentication procedures and reporting incidents to guarantee operational security and reliability.63 In some cases, the PSO also imposes specific operational reliability guidelines on the PSPs. This is the case for international payment card brands in particular, and also for ACH networks.

Regulators should also monitor new technological innovations to keep up with evolving threats and risks to consumers. Ensuring that appropriate operational reliability requirements are imposed for nonbank providers is also critical, particularly in countries where these services have a very large penetration. As PSPs and the PSO are often dependent on critical service providers to keep their systems and services running, any impact on these critical service providers can affect several PSPs in a country at the same time.

For example, specific attention should be given to the issue of reliability of the mobile networks in connection with mobile money. For instance, some countries have reported that shutdowns may create conditions for agent fraud (when systems are down and an agent cashes in a customer’s money without registering the deposit in the system). In the light of such situations, telecom regulators in some jurisdictions have imposed specific service-level requirements for telecom services as well.
D: DATA PROTECTION AND PRIVACY64

D1: LAWFUL COLLECTION AND USAGE OF CUSTOMER DATA

a. PSPs should be allowed to collect relevant customers’ data within the limits established by law or regulation and, where applicable, with the customer’s consent.
b. The law or regulation should establish rules for the lawful collection and use of data by PSPs, including when consumer consent is required, and clearly establishing at a minimum:
   i. How data can be lawfully collected;
   ii. How data can be lawfully retained;
   iii. The purposes for which data can be collected; and
   iv. The types of data that can be collected.
c. The law or regulation should provide the minimum period for retaining customer records, and that, throughout this period, the customer should be provided ready access to such records for a reasonable cost or at no cost.
d. For data collected and retained by PSPs, PSPs should be required to comply with data privacy and confidentiality requirements that limit the use of consumer data exclusively to the purposes specified at the time the data were collected or as permitted by law, or otherwise specifically agreed with the consumer.

Explanatory Notes

See the explanatory notes for D1 in chapter 1, “Deposit and Credit Products and Services,” which generally apply to retail payment services.

Payments data reveal rich information for merchants, banks, nonbank PSPs, and others, with the potential to benefit financial inclusion. However, consumers can be very sensitive about financial service providers’ use of payments data. If not properly regulated, the usage of such data could be subject to abuse. Global research by GSMA on more than 11,500 mobile users in Brazil, Colombia, Indonesia, Malaysia, Singapore, Spain, and the United Kingdom revealed that consumers have serious concerns about their mobile identity and personal data. One of the most significant worries consumers have with respect to payments data is the extent to which their privacy is secured and guaranteed. Consumers often do not know the extent to which their data is collected and what organizations are doing with their personal data.

Given the importance of the topic, in particular with the growing emergence of digital payments, it is important that rules limit the collection and processing of data. (For example, see PSD2.) Further, as recommended by the ITU-T Focus Group Digital Financial Services, authorities should strive to identify any gaps in the legal and regulatory framework for data protection and privacy with respect to the fast-paced evolution of digital financial services. One example is the European Union, where the General Data Protection Regulation65 issued in 2016 aims to cover new issues raised by technology and “big data” by, among other things: introducing the concept of data minimization (use only what is needed); embedding privacy in the product design phase; introducing the concept of extra-territorial applicability;66 and making the data controller accountable for data processing.67

In any event, providers should be obliged to disclose, at a minimum, what information is being maintained, for how long, and for what purposes. Informed consensus should be ensured, and providers should ensure that no abusive behavior occurs which could lead to discrimination or violation of privacy. Legislation should also address the issue of ownership of such data.

Big data

One unique and emerging issue with respect to retail payment services is the usage of “big data” or alternative data.68 Since retail payments have an important position in the lives of all citizens, they form a rich source of information. In addition to the data on the underlying transaction, a payment transaction also has information on the location of the transaction, the time of day, and, in some cases, also the underlying economic interaction. Furthermore, with the integration of payment services and social networks and the emergence of large-scale ecommerce platforms, the type of information that can now be juxtaposed with payment information has increased significantly. Coupled with the reduction of data-storage costs, increased processing speed, and the development of smart algorithms, innovative businesses have realized the potential of turning raw data into useful information. They apply algorithms to extract information from transaction data with the aim of offering more products and services, either by themselves or in association with other entities, and to detect fraud more effectively and efficiently.

The following applications of data analytics have gained prominence of late:

• Emerging use of transaction data, social network, and other contextual information as alternative sources of information to assess creditworthiness: Improved payment data can enable access to credit and other services, since (payment) data can provide valuable insights for financial institutions in assessing the creditworthiness of consumers, decreasing risk and helping more people qualify. Alternative information, such as utility bills, mobile phone bills, and online shopping transactions, helps to build relevant data on individuals, including those who are not captured by traditional credit scores. Data on consumer behavior also enable better predictions of willingness to repay borrowed money. Such behavioral information can, for instance, be obtained from social media sites, though the predictive power of such data has not been fully proven yet. Online lending platforms such as Lenddo in Colombia, Mexico, and the Philippines; Kabbage in the United States; and LendUp in the United Kingdom use the “online reputations” of consumers on social media to qualify them for loans. Another example is Cignify in the United Kingdom, which uses mobile phone usage data to assess the risk of lending money to consumers in emerging countries.69

• Offering personalized service: One of the main purposes of the use of data is offering the customer a personalized approach. For merchants, payment data offer insights into shopping behavior, interests, and preferences. In physical stores, customers pay by card, which forms a rich source of data for card issuers and merchants. However, data are usually not tied to personal information, which restricts the leveraging of the data for post-sales activities. When shopping online, customers are more often asked to log in (check in) before navigating to and selecting and purchasing products and services online. In this case, customer visits provide online merchants and authentication platforms with a rich source of data. By combining this information with collected and analyzed payments data, (financial) institutions can offer a unique user-tailored approach.70

• Payment systems and payment platforms commoditizing valuable information: In 2011, Visa started selling retailers the ability to send text messages to consumers based on their recent credit card transactions. Consumers had to agree to this service beforehand and received discounts and other incentives in return. In 2012, MasterCard started offering marketers and advertisers aggregated and non-personalized information that is based on payments data, without explicit consent from consumers.71

The challenge for authorities is to foster innovation and set boundaries within which healthy economic conduct can proceed, while addressing data privacy and other consumer protection concerns at the same time. In particular, big data approaches raise questions with respect to data ownership and portability, the principle of specific usage of collected data, the feasibility of informed consent for collecting and using big data when collection is linked to basic services, inaccuracies or lack of transparency in credit information and scoring based on big data (without the clear ability for consumers to access and correct data), and the potential for abusive practices, such as discrimination, profiling, and aggressive marketing.72 Data protection and privacy issues should be taken into account by providers early in the design phase, so that resulting systems, applications, and platforms have the capability to address such issues.

D2: CONFIDENTIALITY AND SECURITY OF CUSTOMERS’ INFORMATION

a. PSPs should be required to have and implement policies and procedures to ensure the confidentiality, security, and integrity of all data stored in their databases that relate to their customers’ personal information, accounts, deposits, deposited properties, and transactions.
b. In order to ensure confidentiality, when establishing policies and procedures, PSPs should also establish different levels of permissible access to customers’ data for employees, depending on the role they play within the organization and the different needs they may have to access such data.
c. In order to maintain the security of customers’ data, PSPs should also be required to have and implement policies and procedures to ensure security related to networks and databases.
d. PSPs should be held legally liable for misuse of consumer data.
e. PSPs should be held legally liable for any breaches in data security that result in loss or other harm to the customer, and should put in place clear procedures to deal with security breaches, including mechanisms to reimburse or compensate consumers.
Explanatory Notes

See the explanatory notes for D2 in chapter 1, “Deposit and Credit Products and Services.”

D3: SHARING CUSTOMER INFORMATION

a. The law should provide rules for the release to and use of customer information by certain third parties, such as government authorities, credit registries or credit bureaus, and collection agencies.
b. Whenever a PSP is legally required to share a customer’s information with a third party, the PSP should be required to inform the customer in writing (including in an electronic form) in a timely manner of:
   i. The third party’s precise request;
   ii. The specific information of the customer that has been or will be provided; and
   iii. How and when that information has been or will be provided.
c. Subject to the exceptions noted in clauses D3(a) and (b), above, without a consumer’s prior written consent as to the form and purpose for which the consumer’s data will be shared, the law should prevent a PSP from selling or sharing any of a consumer’s information with any third party for any purpose, including telemarketing or direct mailing, unless such third party is acting on behalf of the PSP and the information is being used for a purpose that is consistent with the purpose for which that information was originally obtained.
d. Before any such sharing for the first time, the PSP should be required to inform consumers in writing of their data privacy rights in this respect.
e. PSPs should be required to allow consumers to stop or opt out of any sharing by the PSP of information regarding the consumers that they previously authorized (unless such sharing is mandated by law).
f. In the case of tied products, the consumer should be informed if a third party will have access to the consumer’s information.
g. Unless it is a credit bureau or a credit registry, the third party should be prohibited from disclosing the shared information regarding a consumer.

Explanatory Notes

The explanatory notes for D3 in chapter 1, “Deposit and Credit Products and Services,” generally apply to retail payment services as well. For example, the Payment System Act in India establishes the principle that customers’ information cannot be shared with third parties, unless required by law and with the consent of the user.73

In particular, in the specific case of innovative payment instruments, where a financial institution may link with a commercial entity, such as a telecom operator, for offering a product, exchanging information may require additional regulation, since the different entities may be subject to diverging legislation and different requirements. Consistent consumer protections should be put in place.

In addition, the collection of data by third parties may be used to provide value-added services, such as assessing creditworthiness and offering personalized services, raising potential concerns with data privacy, as noted in D1, above. Regulators should ensure that such data sharing follows strict rules on confidentiality, or else ensure that such data is shared in an aggregated, de-personalized format, in which case data privacy obligations would no longer apply. Furthermore, authorities should consider developing appropriate data privacy requirements for the actual recipients/users of third-party data.

E: DISPUTE RESOLUTION MECHANISMS

E1: INTERNAL COMPLAINTS HANDLING

a. PSPs should be required to have an adequate structure in place as well as written policies regarding their complaints handling procedures and systems—that is, a complaints handling function or unit, with a designated member of senior management responsible for this area—to resolve complaints registered by consumers against the PSP effectively, timely, and justly.
b. PSPs should be required to comply with minimum standards with respect to their complaints handling function and procedures.
These should include the following:
   i. Resolve a complaint within a maximum number of days, which should not be longer than the maximum period applicable to a third-party external dispute resolution mechanism. (See E2.)
   ii. Make available a range of channels (for example, telephone, fax, email, web) for submitting consumer complaints appropriate to the type of consumers served and their physical location, including offering a toll-free telephone number to the extent possible, depending on the size and complexity of the PSPs’ operations.
   iii. Widely publicize clear information on how a consumer may submit a complaint and the channels made available for that purpose, including on the PSP’s website, in marketing and sales materials, in KFSs, in standard agreements, and at locations where products and services are sold, such as branches, agents, and other alternative distribution channels. (See B1.)
   iv. Publicize and inform consumers throughout the complaints handling process, and particularly in the final response to the consumer, regarding the availability of any existing alternative dispute resolution (ADR) schemes. (See E2.)
   v. Adequately train its staff and agents who handle consumer complaints.
   vi. Keep the complaints handling function independent from business units such as marketing, sales, and product design, to ensure fair and unbiased handling of the complaints, to the extent possible, depending on the size and complexity of the PSP.
   vii. Within a short period following the date the PSP receives a complaint, acknowledge receipt of the complaint in a durable medium (that is, in writing or another form or manner that the consumer can store), and inform the consumer about the maximum period within which the PSP will give a final response and by what means.
   viii. Within the maximum number of days, inform the consumer in a durable medium of the PSP’s decision with respect to the complaint and, where applicable, explain the terms of any settlement being offered to the consumer.
   ix. Keep written records of all complaints, while not requiring that a complaint itself be submitted in writing (that is, allowing for oral submission).
c. PSPs should be required to maintain and make available to the supervisory authority up-to-date and detailed records of all individual complaints.
d. The PSP’s complaints handling and database system should allow it to report complaints statistics to the supervisory authority.
e. PSPs should be encouraged to use the analysis of complaints information to continuously improve their policies, procedures, and products.

Explanatory Notes

The explanatory notes for E1 in chapter 1, “Deposit and Credit Products and Services,” apply to retail payment services as well and should be extended to nonbank PSPs.

All PSPs should have in place an internal complaint handling mechanism, preferably by a specific handling unit. Procedures should be clear to the customer, known in advance, and rapidly address the claim. Electronic channels should be put in place to facilitate distant complaints, and the redress system should be available seven days a week and for 24 hours.

As PSPs increasingly leverage alternative distribution channels for product and service delivery, the role of such channels in internal complaints handling should be considered. For example, when PSPs serve consumers primarily through agents that are closer in physical proximity to the consumer, agents should be properly trained to receive and resolve simple complaints or to forward the complaint to the PSP’s complaints handling unit.

It should be easy for users to present evidence supporting their claims. For instance, for some types of disputes (for example, regarding a transaction amount), the payer could be required to submit a copy of the transaction receipt. The customer could be asked to pay a fee to retrieve a copy of the receipt from the payer. These fees need to be set at a fair level or else they could deter the customers from raising disputes. Indirect costs could also be associated with how the dispute is to be raised and how the supporting information is to be submitted. Offering various options, including oft-used transaction channels (such as digital channels), could reduce these indirect costs.

In addition, depending on whether the transaction is an ONUS (that is, the same PSP is handling both the payer and the payee sides of a transaction) or an OFFUS (that is, different PSPs are handling the payer and payee sides of a transaction), and whether a transaction is domestic or international, different entities could be involved. In the case of an ONUS transaction, the entire dispute resolution process is within the same PSP. In the case of OFFUS transactions and international transactions, the underlying payment system would also get involved, and its operating rules and procedures for handling complaints would apply. It will be necessary to ensure that complaints handling requirements are harmonized across these transaction scenarios.

E2: OUT-OF-COURT FORMAL DISPUTE RESOLUTION MECHANISMS

a. If consumers are unsatisfied with the decision resulting from the internal complaints handling at the PSP, they should be given the right to appeal, within a reasonable timeframe (for example, 90 to 180 days), to an out-of-court ADR mechanism that:
   i. Has powers to issue a decision in each case that is binding on the PSP (but not binding on the consumer);
   ii. Is transparent and independent of both parties and discharges its functions impartially;
   iii. Is staffed by professionals trained in the subject(s) they deal with;
   iv. Has an adequate oversight structure that ensures efficient operations;
   v. Is financed adequately and on a sustainable basis;
   vi. Is free of charge to the consumer; and
   vii. Is accessible to consumers.
b. The existence of an ADR mechanism, its contact details, and basic information about its procedures should be made known to consumers through a wide range of means, including when a complaint is finalized at the PSP level.
c. If an ADR mechanism has a member-based structure, all PSPs should be required to be members.

Explanatory Notes

The explanatory notes for E2 in chapter 1, “Deposit and Credit Products and Services,” generally apply to retail payment services as well.

In addition to a mechanism for claims internal to each PSP, a redress mechanism should exist to permit an unsatisfied customer to address an autonomous entity. This may be an entity established by an association of financial institutions, a service provided by the supervisor or the overseer within its general functions, or an independent authority, such as a financial sector ombudsman. Whatever mechanism is chosen, this ADR mechanism must be impartial, permit the customer to ask for redress easily and inexpensively, and permit the parties to confront each other openly to discuss the issue. The final decision should be either legally binding or accepted by the financial institution. It is also important to ensure that the ADR mechanism covers all PSPs, including nonbank PSPs. In Slovakia, an arbitration system has been set up specifically for payments in addition to other types of ADR schemes already existing for other financial services and products. The arbitration chamber has competence over any dispute that arises between a PSP and a payment services user.74

F: GUARANTEE SCHEMES AND INSOLVENCY

F1: DEPOSITOR PROTECTION

a.
The law should be clear on whether the financial safety net (that is, a deposit insurance system, if existing; the regulator or supervisor; and the resolution authority, if existing) covers customers’ funds held by PSPs, when either the deposit-taking financial institution holding the funds (for example, commercial bank, financial cooperative) or the PSP is unable to meet its obligations, including the return of funds.
b. If there is a law on deposit insurance, it should state the following clearly:
   i. The mandate and powers of the deposit insurer(s)
   ii. The scope of depositors who are insured (for example, natural persons, legal persons)
   iii. The types of financial instruments that are insured
   iv. The deposit insurance coverage–level limits
   v. The mandatory membership of all deposit-taking financial institutions75
   vi. The creation of an ex ante financed fund for pay-out purposes
   vii. The contributing institutions to this fund and clear back-up financing arrangements
   viii. The events that will trigger a payout from this fund to insured depositors
   ix. The mechanisms and the timeframe to ensure timely payout to insured depositors
c. On an ongoing basis, the deposit insurer(s) should, directly and through insured institutions, promote public awareness of the deposit insurance system.
d. The public should be informed of the scope of depositors and types of financial instruments that are insured (and those that are not), the institutions that are members of the deposit insurer(s) and how they can be identified, the coverage level, the mandate of the deposit insurer(s), the reimbursement process, and the benefits and limitations of the deposit insurance system.
e. In the event of a failure of a member institution, the deposit insurer(s) must notify depositors where, how, and when insured depositors will be provided with access to their funds.
f. The deposit insurer(s) should work closely with member institutions and other safety-net participants to ensure consistency and accuracy in the information provided to depositors and consumers and to maximize public awareness on an ongoing basis. Law or regulation should require member institutions to provide information about deposit insurance in a format/language prescribed by the deposit insurer(s).
g. The deposit insurer(s) should have in place a comprehensive communication program and conduct a regular evaluation of the effectiveness of its public awareness program or activities.

Explanatory Notes

Further to the explanatory notes for F1 in chapter 1, “Deposit and Credit Products and Services,” for store-of-value payment products, authorities will need to consider whether such funds are considered deposits within the context of any deposit insurance system. Authorities should make efforts to stay abreast of financial inclusion initiatives and associated technological innovations occurring in their jurisdictions, particularly those regarding digital stored-value products and/or affecting unsophisticated small-scale depositors. For example, deposit insurers should be part of any dialogue among authorities, including financial regulators and supervisors and, for example, telecommunication authorities, regarding the authorization and regulation of digital stored-value products and providers.

Authorities should assess the opportunities and challenges associated with different approaches to deposit insurance treatment of digital stored-value products, such as (i) an exclusion approach, whereby such products are explicitly excluded from deposit insurance coverage, although other measures to protect customers’ stored value are adopted; (ii) a direct approach, whereby such products are directly insured by a deposit insurer, and their providers must be or must become members of the deposit insurance system; or (iii) a pass-through approach, whereby deposit insurance coverage passes through a custodial account at an institution that is a deposit insurance member and holds customer funds from digital stored-value products, to the individual customer of the digital product provider (although this provider is not a deposit insurance member).76 A conscious policy decision to adopt any of these approaches could help to address legal and customer uncertainty issues.

Regardless of the approach adopted, customers should be clearly informed about whether digital stored-value products are directly or indirectly insured or uninsured by the deposit insurance system. In jurisdictions where customers may promptly transfer their uninsured digitally stored value to insured accounts, they should also be clearly informed about the differences between both products.

NOTES

1. The discussion on retail payment services in the introduction to this annex is primarily derived from the World Bank publication “Developing a Comprehensive National Retail Payments Strategy: Consultative Report” (2012).
2. Committee on Payment Settlement Systems, “A Glossary of Terms Used in Payments and Settlement Systems” (Bank for International Settlements, 2003), 42.
3. It should be noted that “not time-critical” should not be interpreted as not real-time. Many retail payment transactions are processed on a near real-time basis, such as a person-to-person funds transfer. However, in such cases, the settlement agent is the same as the issuer or the settlement is completed at a later time, typically on a deferred net settlement basis—for example, as in the case of a card payment transaction.
4. E-money-based instruments involve the payer maintaining a pre-funded transaction account with a PSP, often a nonbank. Specific products include online money when the payment instruction is initiated via the Internet, mobile money when initiated via mobile phones, and prepaid cards. E-money can be offered by banks and authorized nonbanks. See Committee on Payments and Market Infrastructures (CPMI) and the World Bank Group, “Payment Aspects of Financial Inclusion” (Bank for International Settlements and the World Bank Group, 2016).
5. This term has acquired a very specific meaning in the European Union, where it refers specifically to payment initiation service providers and account information service providers. In the context of this document, the term has a broader meaning.
6. By some estimates, around 85 percent of transactions worldwide are in cash. See Measuring Progress Toward a Cashless Society (MasterCard Advisors, 2013).
7. Further, this annex does not cover “digital currencies” such as Bitcoin. These do not fall under any of the payment instrument categories. Moreover, currently there is not enough evidence to make conclusions about good consumer protection practices with regard to digital currencies, because they are still a recent innovation and there is only limited experience with their regulation and oversight. For an analysis of the features and implications of digital currencies, see CPMI, “Digital Currencies” (Bank for International Settlements, November 2015).
8. The merchant service fee is the fee paid per transaction by the merchant to the acquiring bank, usually structured as a combination of a fixed fee and a percentage of the transaction amount.
9. From a merchant’s perspective, transparency and other consumer protection issues relate more to a clear understanding of when and how the merchant will get paid for the transaction, the schedule of fees, how the fees payable are calculated, the specific procedures the merchant needs to follow, and the records that must be kept to have guaranteed settlement for a transaction.
10. A payment network is a payments system that connects various member institutions, thereby enabling interoperability of payment instruments issued by one member at another member’s acceptance infrastructure. The term is commonly used to refer to payment card systems such as Visa and MasterCard.
11. The so-called “honor all cards” rule enforced by most payment networks typically requires acquirers to ensure that their merchants accept all cards affiliated with the payment network. The affiliation of a card to a payment network is typically visually represented by a logo of the payment network placed on the card.
12. A PSP agent is a local entity, such as a small shop, that provides basic payment and transaction account–related services on behalf of bank or nonbank payment service providers.
13. See “Mobile Banking and Payments,” TR14/15 (Financial Conduct Authority, 2015) and “Fair Treatment for Consumers Who Suffer Unauthorized Transactions,” TR15/10 (Financial Conduct Authority, 2015).
14. Annual Payment Systems Report (People’s Bank of China, 2014); Financial Access Survey (International Monetary Fund, 2015); and Global Findex (World Bank, 2015).
15. Although not specific to consumer protection issues, guidance for supervision of agents used by banks and nonbanks is found at Denise Dias, Stefan Staschen, and Wameek Noor, “Supervision of Banks and Nonbanks Operating through Agents: Practice in Nine Countries and Insights for Supervisors” (Consultative Group to Assist the Poor [CGAP], 2015).
16. See ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (International Telecommunications Union [ITU], 2017).
17. Details available at http://www.bcsbi.org.in/index.html.
18. The GSMA’s COC is available at www.gsma.com/mobilefordevelopment/wp-content/uploads/2014/11/Code-of-Conduct-for-Mobile-Money-Providers.pdf.
19. Global Remittances Working Group, An International Remittances Customer Charter: A Toolkit For National Action (World Bank, 2010), http://siteresources.worldbank.org/FINANCIALSECTOR/Resources/282044-1257537401267/customercharter.pdf.
20. “Responsible Digital Payments Guidelines,” https://www.betterthancash.org/tools-research/case-studies/responsible-digital-payments-guidelines.
21. See https://www.visa.com/chip/personal/security/zero-liability.jsp and http://newsroom.mastercard.com/press-releases/mastercard-expands-consumer-protection-across-the-globe-2/.
22. Remittance Prices Worldwide, https://remittanceprices.worldbank.org/en/national-and-regional-databases-certified-by-the-world-bank.
23. The interchange fee is the fee paid by the merchant’s bank (acquiring bank) to the issuer bank.
24. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017).
25. Statement of Fees Template and Fee Information Document as part of the technical standards of the EU payment account directive, EBA/ITS/2017/03 and EBA/ITS/2017/04 (European Banking Authority [EBA], May 2017).
26. The discussion on pricing is further elaborated under Guideline 4 of the General Guidance on National Payment Systems Development.
27. See CPMI and the World Bank Group, “Payment Aspects of Financial Inclusion,” 12.
28. Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the Comparability of Fees Related to Payment Accounts, Payment Account Switching and Access to Payment Accounts with Basic Features, Article 4.
29. “Final Report on Draft Implementing Technical Standards on the Standardised Presentation Format of the Fee Information Document and Its Common Symbol, under Article 4(6) of Directive 2014/92/EU [Payment Accounts Directive],” EBA/ITS/2017/03 (EBA, 2017).
30. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017).
31. Directive 2015/2366 of the European Parliament and the Council of 25 November 2015 on Payment Services in the Internal Market, Amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and Repealing Directive 2007/64/EC.
32. Mobile Money Guidelines (Bank of Uganda, 2013).
33. Instruction N°008-05-2015 regissant les conditions et modalites d’exercice des activites des emetteurs de monnaie electronique dans les etats membres de l’Union Monetaire Ouest Africaine (UMOA) (La Banque Centrale des Etats de l’Afrique de l’Ouest, 2015).
34. The ePayments Code is a voluntary code of practice, although most relevant financial institutions have subscribed to it. However, there is also a legislative consumer protection overlay, including in relation to transaction receipts and statements, under chapter 7 of the Corporations Act 2001. Section 1017F mandates the provision of “confirmations of transactions,” with some exceptions, including account direct debits and credits, and also provides—together with regulations made under it—a regime for confirmations (that is, receipts) to be made available through an electronic facility. See https://www.legislation.gov.au/Details/C2017C00129/Html/Volume_5#_Toc479592087.
35. See “Consumer Policy Guidance on Mobile and Online Payments,” Digital Economy Papers 236 (OECD, 2014).
36. Mobile Money Guidelines (Bank of Uganda, 2013).
37. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017).
38. Laws of Malaysia, Act 627, Payment Systems Act 2003, Article 32.
44. Guidelines for Electronic Retail Payment Services (Bank of Jamaica, 2013), Section 8.
45. Electronic Payment Systems Guideline (Reserve Bank of Zimbabwe), Guideline 1.12.4.
46. Regulatory Guidelines for Mobile Financial Services in Bangladesh (Bangladesh Bank, 2015), Section 7, and Guidelines on Agent Banking for the Banks (Bangladesh Bank, n.d.), Sections 6, 7, 13, and 15.
47. Guidelines for Engaging of Business Correspondents, RBI/2010-11/217 DBOD.No.BL.BC.43 /22.01.009/2010-11 (Reserve Bank of India, 2010), Section 3.
48. For details on M-Pesa, refer to annex 7 in the 2012 World Bank publication “Developing a Comprehensive National Retail Payments Strategy: Consultative Report.”
49. ITU-T Focus Group Digital Financial Services, Consumer Experience and Protection (ITU, 2017).
50. Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions.
51. Authorization is a procedure that checks whether a customer or PSP has the right to perform a certain action—for example, the right to transfer funds or to have access to sensitive data.
52. The nature of the transaction has an influence on the risk profile. Examples of high-risk transactions could include those at specific categories of merchants that are more prone to fraud, such as online ticketing and gambling, cash-out remittances, and interbank funds transfers. Transaction attributes, such as the amount of the transfers and the time of day when the transaction is initiated, also have a bearing on the risk profile of a transaction. (Transactions between midnight and early morning are often more suspicious than those during normal business hours or in the evening.)
53. Contextual information consists of circumstantial factors, such as the type of customer; interbank transfers to a new recipient and/or to a country for the first time; interbank transfers after a long period of dormancy; a change of authentication credentials immediately following other changes in customer/account attributes, such as address or phone information; a transaction from a device not usually used; and an abnormally high number of transactions in a given time window, such as a day or three-day period.
39.
“Master Circular: Policy Guidelines on Issuance and Operation of Pre-paid Payment Instruments in India,” 54. “Regulatory Technical Standards on Strong Customer DPSS.CO.PD.PPI.No.3/02.14.006/2014-15 (Reserve Bank Authentication and Secure Communication under PSD2,” of India, 2014). https://www.eba.europa.eu/regulation-and-policy/ payment-services-and-electronic-money/regulatory- 40. Directive 2014/92/EU of the European Parliament and of technical-standards-on-strong-customer-authentica- the Council of 23 July 2014 on the Comparability of Fees tion-and-secure-communication-under-psd2. Related to Payment Accounts, Payment Account Switching and Access to Payment Accounts with Basic Features. 55. For purposes of this GP, data security is differentiated from protection from misuse and sharing of customer data, 41. In the Global Payment Systems Survey 2015, 62 percent of although unauthorized access to and misuse of both types central banks reported that the payment cards system in of data may result in both external and internal fraud. their country was fully interoperable for ATM transactions, while 59 percent reported full interoperability for POS 56. The European Forum on the Security of Retail Payments is a transactions. voluntary cooperative initiative between relevant European authorities, in particular supervisors of payment service 42. Directive 2015/2366 of the European Parliament and of the providers and overseers. It aims to promote knowledge and Council of 25 November 2015 on Payment Services in the understanding of issues related to the security of electronic Internal Market, Article 15. retail payment services and instruments. See http://www. 43. Regulatory Guidelines for Mobile Financial Services in ecb.europa.eu/pub/pdf/other /assessmentguidesecurity Bangladesh (Bangladesh Bank, 2015), Section 11. internetpayments201402en.pdf/. 212   Good Practices for Financial Consumer Protection 57. See also EBA guidelines based on such recommendations: 69. 
For example, see Christina Farr, “Kabbage Brings Its Quick https://www.eba.europa.eu/regulation-and-policy/ Fix Loans to UK Merchants,” VentureBeat, February 16, consumer-protection-and-financial-innovation/guide- 2013, available at https://venturebeat.com/2013/02/16/ lines-on-the-security-of-internet-payments. kabbage-brings-its-quick-fix-loans-to-uk-merchants/. 58. The Federal Financial Institutions Examination Council is a 70. For more information, see “EMC Digital Universe Study” formal interagency body empowered to prescribe uniform (DELL EMC, 2014); Ben Rossi, “Big Data vs. Big Regulation: principles, standards, and report forms for the federal Will Changing the Rules Empower Consumers?,” Informa- examination of financial institutions by the Board of tion Age, January 13, 2014, available at http://www. Governors of the Federal Reserve System, the Federal information-age.com/big-data-vs-big-regulation-will- Deposit Insurance Corporation, the National Credit Union changing-the-rules-empower-consumers-123457592/; Administration, the Office of the Comptroller of the “Big Data: Seizing Opportunities, Preserving Values” (White Currency, and the Consumer Financial Protection Bureau, House Office of Science and Technology, May 2014); and to make recommendations to promote uniformity in “Leveraging Data and Analytics for Customer-Centricity and the supervision of financial institutions. See https://www. Innovation: Asian Banker Research Survey on Use of Data ffiec.gov/. and Analytics in Banks in Asia Pacific 2013,” (The Asian 59. “Online and Mobile Payments: Supervisory Challenges to Banker, April 2013), available at http://www.theasianbanker. Mitigate Security Risks” (International Financial Consumer com/assets/media/dl/whitepaper/SAP_WP_2013_1.pdf; Protection Organisation, September 2016). and “Big Data, Big Impact: New Possibilities for Interna- tional Development,” (World Economic Forum, 2012), 60. 
ITU-T Focus Group Digital Financial Services, Consumer available at http://www3.weforum.org/docs/WEF_TC_MFS_ Experience and Protection (ITU, 2017). BigDataBigImpact_Briefing_2012.pdf. 61. Guidelines for Electronic Retail Payment Services (Bank of 71. For more information, see Mark Prigg, “Mastercard under Jamaica, 2013), Section 8. Fire for Tracking Customer Credit Card Purchases to Sell to 62. Directive 2015/2366 of the European Parliament and of Advertisers,” The Daily Mail, October 17, 2012, available the Council of 25 November 2015 on Payment Services in at http://www.dailymail.co.uk/sciencetech/article-2219069/ the Internal Market, Article 95. Mastercard-tracking-purchases-sell-advertisers.html; Emily 63. Directive 2015/2366 of the European Parliament and of Steel, “MasterCard Mines Data for Marketers,” Financial the Council of 25 November 2015 on Payment Services in Times, October 17, 2012, available at https://www.ft.com/ the Internal Market, Articles 96 and 97. content/089f7cd0-16f2-11e2-b1df-00144feabdc0#axzz- 64. PSPs gather vast amounts of data, including personal 34PVrhDQq; and Emma Thomasson, “Mastercard: Real- information, in order to conduct their daily tasks. This Time Consumer Trend Data Is a Huge Growth Area for Us,” information is sensitive to misuse or breaches, which has Business Insider, June 11, 2014, available at http://www. the potential to cause harm to consumers. This section businessinsider.com/r-mastercard-expects-big-growth- touches on only a few select issues with respect to data from-big-data-insights-2014-11. protection and privacy that are most relevant to financial 72. For example, see “Joint Committee Discussion Paper on consumer protection. the Use of Big Data by Financial Institutions,” JC/2016/86 65. 
Regulation (EU) 2016/679 of the European Parliament and (European Supervisory Authorities, 2016), which provides a of the Council of 27 April 2016 on the protection of natural high-level assessment of the potential benefits and risks of persons with regard to the processing of personal data and the use of big data by financial service providers. on the free movement of such data. 73. Payment and Settlement Systems Act, 2007 (India), 66. In the context of big data, this is an essential principle as it Section 22. ensures that the rules and obligations included in the 74. For more information, see the Permanent Arbitration Court General Data Protection Regulation are applicable to all of the Slovak Banking Association’s website at http://www. controllers processing data of EU residents, regardless of nbs.sk/en/payment-systems/other-information/permanent- their location. arbitration-court. 67. Under this new concept, controllers will be required not 75. Deposit-taking financial institutions can be banks, credit only to have processes and procedures in place, but also unions, financial cooperatives (urban or rural), housing or be able to demonstrate that data processing is done in building societies, MFIs, and so forth, which should be line with the requirements of the regulation. subject to sound prudential regulation and supervision 68. The discussion in this section is based on joint work on on a regular basis. innovations in retail payments conducted by InnoPay and 76. See Juan Carlos Izaguirre, Timothy Lyman, Claire McGuire, the World Bank in 2014. and David Grace, “Deposit Insurance and Digital Financial Inclusion,” CGAP Brief, October 2016. ANNEX B CREDIT REPORTING SYSTEMS Credit reporting is a crucial component of modern In 2011, the World Bank, with the support of the Bank financial systems and a critical driver for efficiency in of International Settlements, published the General lending to consumers. 
Databases containing information Principles for Credit Reporting (General Principles),1 relevant to making credit decisions, such as credit histo- which was the result of cooperative work by a task ries, personal data, and other information, represent a force of 25 members representing central banks, finan- great concentration of power. For this reason, the impact cial supervisors, multilateral organizations, data pro- of misuse, mishandling, or errors is potentially damaging tection agencies, and the credit reporting industry. The to individuals. At the same time, the existence of such General Principles were produced after literature review, databases offers consumers who honor their obligations extensive research conducted at the country level through with the opportunity to distinguish themselves from those the Western Hemisphere Credit Reporting Initiative, the who do not, thereby establishing “reputation collateral.” Global Credit Bureau Program, the Arab Credit Reporting As a result, consumers who have demonstrated their will- Initiative, and informed discussions in the International ingness to meet payment obligations—not only to finan- Credit Reporting Committee. In addition, the work con- cial service providers in respect of formal loans, but also to ducted by the Expert Group on Credit Histories to identify telecommunication companies, utility companies, and barriers to the access to, and exchange of, credit informa- other providers from whom they obtain goods and ser- tion within the European Union under the coordination of vices on credit—should enjoy greater access to credit at the EU Commission was a relevant source of knowledge more favorable rates, terms, and conditions. Without for the development of the General Principles. 
ignoring the importance of a person’s capacity to repay (which is measured by income), the ability to build reputa- The General Principles include five general principles on tion collateral is especially important to consumers with (1) data and its quality, (2) the security and efficiency of lower incomes who may not own property that could data processing, (3) governance and risk management, serve as physical collateral for borrowing. (4) the legal and regulatory environment, and (5) cross- border data flows. In addition, a set of “recommenda- Achieving the optimal balance between protecting tions for effective oversight” is also included in the General consumers and allowing information to be collected Principles. General Principle 1 deals with the need of shar- and distributed to assist them in their borrowing activ- ing complete, up-to-date, and accurate data that are col- ities requires a combination of adequate legal and reg- lected from truthful sources. General Principle 2 deals with ulatory protections, enforcement, and properly aligned conditions to ensure participants’ confidence that informa- incentives for all participants in the financial system. tion is properly stored and not being misused. The need Consumers should be able to understand what informa- for transparency and adequate accountability of CRSs is tion is being collected about them and how the informa- dealt with under General Principle 3. General Principle 4 tion is being used and by whom. Policies with respect to provides guidance on how to meet the balance between credit reporting systems (CRSs) should protect the rights accessing relevant data and protecting consumers’ rights. of consumers and allow them to access their information, as well as to challenge any errors in data used for credit The good practices (GPs) contained in this annex are reports or scoring models. consistent with the General Principles and with other international approaches regarding data protection policies. 
These include basic principles issued by the   213 214   Good Practices for Financial Consumer Protection United Nations (UN), the Organisation for Economic The GPs described in this annex primarily focus on Co-operation and Development (OECD), the Asia-Pacific issues of consumer rights with respect to data and con- Economic Cooperation (APEC), the European Union (EU), sumer awareness, which lie at the core of sound con- and the Council of Europe (COE). Alternative regulatory sumer protection in CRSs. It is fully recognized, however, models have also been taken into account through the that other issues not addressed in this annex due to time comparison of credit reporting regulations in 100 coun- and space constraints are also important and should be tries.2 Thus, the GPs have been developed based upon a considered to cover issues related to consumer protection broad range of policy and academic literature, compara- and CRSs more comprehensively. These issues include tive legal analysis, and practical experience from a num- adequate disclosure and transparency by CRSs and the ber of country-based analyses.3 role of creditors and CRS officers in explaining the content of credit reports to consumers. These GPs also do not Until the adoption of the General Principles in 2011, a directly cover the broader general principles, such as the number of supranational frameworks included refer- principle for CRSs to have accurate, timely, and sufficient ences to the protection of personal information data. Such general principles also have direct impact on included in databases such as CRSs. Table 4 shows the consumers. most relevant frameworks covering the protection of per- sonal information. 
TABLE 4: Overview of Consumer Protection Regulation for Credit Reporting Systems

INSTITUTION OR GOVERNMENT: LAWS, REGULATIONS, DIRECTIVES, AND GUIDELINES

UN
• Universal Declaration of Human Rights, Article 12
• International Covenant on Civil and Political Rights, Article 17 (December 16, 1966)
• United Nations Guidelines for the Regulation of Computerized Personal Data Files, adopted by General Assembly Resolution 45/95 of December 14, 1990 (UN Guidelines)
• “The Right to Privacy in the Digital Age” (United Nations Human Rights Council, March 2015)

OECD
• “OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security” (2002)
• Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (2013)
• Declaration on Transborder Data Flows (1985)
• “Ministerial Declaration on the Protection of Privacy on Global Networks” (1998)
• “Effective Approaches to Support the Implementation of the G20/OECD High-Level Principles on Financial Consumer Protection” (2014), Principle 8, “Protection of Consumer Data and Privacy”

World Bank and Inter-American Development Bank
• Principles and Guidelines for Credit Reporting Systems (2004)
• Principles for Effective Insolvency and Creditor/Debtor Regimes, section B.1.4 (2011)
• General Principles for Credit Reporting (2011)

APEC
• APEC Privacy Framework (2005)

EU
• Directive 1995/46/EC, on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data
• Directive 2008/48/EC, on Credit Agreements for Consumers and Repealing Directive 87/102/EEC (Consumer Credit Directive)
• Regulation (EU) 2016/679, on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Privacy Regulation)

COE
• Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (COE Convention), ETS No. 108 (January 28, 1981, entered into force on October 1, 1985) and Explanatory Report
• Amendments to the COE Convention, allowing the European Communities to accede (adopted June 15, 1999, entered into force after acceptance by all parties) and Explanatory Memorandum
• Additional Protocol to COE Convention, on Supervisory Authorities and Transborder Data Flows and Explanatory Report, ETS No. 181 (opened for signature on November 8, 2001)
• Recommendation R(2002) 9 on the Protection of Personal Data Collected and Processed for Insurance Purposes and Explanatory Memorandum (September 18, 2002)
• Recommendation R(90) 19 on the Protection of Personal Data Used for Payment and Other Operations and Explanatory Memorandum (September 13, 1990)

EU-US Safe Harbor Framework (2000)

A: LEGAL AND SUPERVISORY FRAMEWORK

A1: CREDIT REPORTING LEGAL AND SUPERVISORY ARRANGEMENTS

a. The overall legal and regulatory framework for the CRS should be (i) clear, predictable, nondiscriminatory, proportionate, and supportive of consumer rights; and (ii) supported by effective judicial or extrajudicial dispute resolution mechanisms.
b. Aspects related to consumers’ rights with respect to credit information shared in CRSs should be subject to appropriate oversight by an authority with sufficient enforcement capability.
c. In facilitating the cross-border transfer of credit data, a CRS should provide appropriate levels of protection for the security and confidentiality of information.

Explanatory Notes

A borrower’s payment behavior can have implications for the solvency of a financial system as a whole and for the safety and security of depositors’ funds. As such, there is a public interest in having a CRS and data available on borrowers’ payment histories. These data better enable lenders to evaluate risk and perform their function of intermediating financial resources in a society. These data are valuable not only for regulated financial institutions, but also for a variety of other financial service providers and nonfinancial businesses that need to evaluate risk as part of their business.

A legal and regulatory framework on credit reporting must protect consumer rights while allowing credit information to be collected, distributed, and used to assist consumers in their borrowing activities. The framework should establish standards and controls for the circulation of credit and other information for specified permitted uses, such as credit risk prediction. It should also establish conditions and limits (such as consent) for the use of credit information for purposes other than credit risk evaluation, such as assessing the suitability of a job candidate. Specific aspects related to consumer complaints and the effective handling of disputes should also be included within the oversight framework and entrusted to the adequate authority, taking into consideration the context and legal framework of the country.

Countries vary in their approach to enacting laws on credit reporting. In some cases, provisions governing credit reporting form part of a general financial services law. In other cases, there may be a separate law on credit reporting. In some instances, a comprehensive data protection law exists. Any of these approaches can provide an adequate legal framework for credit reporting. However, it is important that the unique nature of credit information be expressly recognized if credit reporting laws form part of a general law that covers other types of personal information—that is, medical, tax, criminal, and so forth.

Financial liberalization has significantly reduced restrictions on the operations of financial institutions in foreign markets. At the same time, small businesses initiating activities in a new country, and individuals who have changed their country of residence will most likely need to establish a relationship with a local financial entity. New challenges have thus emerged in recent years, including the need to monitor the credit exposure of important borrowers outside a financial institution’s home markets, or providing credit and other financial products or services on a sound basis to consumers who do not have a credit history in the country where they are applying for credit.

When there is a direct link between credit reporting service providers in different jurisdictions, the cross-border mechanism is subject to practically the same operational, legal, and reputational risks as is the case domestically. Hence, the parties involved in the cross-border transfer of credit information should adopt governance and control measures and mechanisms for protecting consumers’ rights that are equivalent to those applicable to a domestic credit reporting service provider.

B: DATA PROTECTION AND PRIVACY

B1: CONSUMER RIGHTS IN CREDIT REPORTING

Laws and regulations on credit reporting should specify basic consumer rights with respect to credit information. These rights should include the following:

a. The right to be informed about the collection, processing, and distribution of credit information.
b. Where consent is used to provide the legal basis for the collection, processing, and distribution of credit information, such consent should be informed, freely given, and specific as to its scope.
c. The right of a consumer to access one’s own credit report and other relevant data, free of charge at least once a year, subject to the consumer being properly identified. Such information should include the data provider’s name and any previous requests for access to the consumer’s credit report from at least the past six months.
d. The right to know about any adverse action in connection with a credit decision, or any offers for less-than-optimal conditions or prices, that have been based on the individual’s credit report.
In this process, consumers should be provided with the name and address of the credit reporting service provider.
e. The right to correct factually incorrect information or to have information that has been unlawfully collected or processed deleted.
f. The right to place a red flag on information that is in dispute without adversely affecting the consumer’s credit score.
g. The right to consent to the use of the consumer’s credit information for marketing, employment, or other purposes other than the evaluation of creditworthiness for credit-related purposes.
h. The right to have information kept confidential and with sufficient security measures in place to prevent unauthorized access, misuse of data, or loss or destruction of data.

Explanatory Notes

The right to be informed (B1[a]) refers to the right of consumers to know about the collection, processing, and distribution of their personal information, including the identity of the entity controlling such information. Where consent provides the legal basis for the collection, processing, and distribution of credit information, such consent should be freely given by the individual, on the basis of information provided about how their credit information will be handled and the purposes for which it will be handled, which is specific as to the scope of the individual’s consent. The General Principles differentiate between the consent to collect data and share it with the CRS provider, the consent to report data, and the consent to access data. Article 3 of the UN Guidelines regarding files states that “the purpose which a file is to serve and its utilization in terms of that purpose should be specified, legitimate and, when it is established, receive a certain amount of publicity or be brought to the attention of the person concerned.” This ensures that all processed personal data are relevant to the purpose stated, there are no secret databases, and no data are used without the consent of the consumer.

The right to be informed may be waived in the context of sharing information with a credit registry for supervisory purposes. However, the consumer should be informed at least about the type of information that is being collected, the purpose for its collection and further distribution, and the process to correct any errors in the data.

Throughout the world, this right is reflected in most data protection laws, such as the EU Data Protection Directive (implemented in the 27 EU Member States and replicated by some countries in South America), many non-European laws,4 the COE Convention, as well as in the Openness Principle 12 of the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data.

The right to access personal information (B1[b])—in this context, the individual’s credit report and other key data items used to build credit scores—is based on Article 4 of the UN Guidelines. Article 4 establishes the “principle of interested-person access,” which provides that upon providing proper proof of identity, every person has the right to know whether information about him or her is being processed and “to obtain in an intelligible form, without undue delay or expense, and to have appropriate rectifications or erasures made in the case of unlawful, unnecessary or inaccurate entries and, when it is being communicated, to be informed of the addressees.” The OECD Guidelines provide that the individual has the right to obtain confirmation as to whether information has been stored from the data controller and to have such confirmation communicated within a reasonable manner and timeframe. Access is also mentioned in the World Bank’s Principles for Effective Insolvency and Creditor/Debtor Regimes (Principle B1.4).5

The right to access enables individuals to check the quality of their personal data and the lawfulness of its processing. It is also a precondition to other rights, such as the right to rectify incorrect data or to erase unlawfully processed data. The right to access in the CRS environment also requires CRS providers to ensure that consumers are informed about the users that accessed their data, at least in the past six months—that is, “previous enquiries”—as well as the full name of the creditor or data provider that submitted the data to the CRS provider.

In the United States, financial institutions have a duty to inform consumers of any adverse action in connection with credit decisions that is based on their credit report or score (B1[c]). Such a duty is partly due to the fact that consumers in the United States are not informed ex ante about their credit information being collected and processed, and the purpose for its collection and processing. The additional duty to inform consumers about less-than-optimal conditions also forms part of US regulations.6 Although only a few countries have taken the same approach as the United States in establishing a duty to inform of adverse actions, it can also be found in Article 9 of the EU’s Consumer Credit Directive. Article 9(3) provides that, if a credit application is rejected on the basis of consultation of a credit database, the creditor should inform the consumer immediately and without charge about the result of the database consultation and of the particulars of the databases consulted.

The right to access and rectify or erase data (B1[d]) is established in all major international instruments on data protection, such as the UN Guidelines (Articles 2 and 4) and the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (Individual Participation Principle 13). The right to have information corrected is established in more than 40 countries.7 In addition, Article 4 of the UN Guidelines provides that the data controller should bear the cost of correcting incorrect data. This right also encompasses the right to erase information that has been unlawfully collected or processed, such as sensitive information. (See below.)

The right to place a red flag on information the accuracy of which is under dispute (B1[e]) is common in credit reporting regimes. This practice allows consumers to correct any erroneous data in their reports before any decision is made based on inaccurate data, and it alerts users of the potential inaccuracy in that specific data.

In many credit reporting regulatory frameworks, the consent principle also encapsulates the notion that individuals can stop their credit information from being processed for purposes unrelated to the extension of credit, such as marketing or employment (B1[f]). In a number of countries, individuals may opt either in or out to having their credit information used for marketing purposes, with the opt-out approach tending to increase the use of credit information for marketing purposes.8 APEC’s Principle IV (Uses of Personal Information) requires information to be used only for the stated purposes of collection, except where the individual has given consent.

The right to have sensitive information specifically protected (B1[g]) appears in most major international instruments on data privacy, such as OECD reports (Comment to Guidelines on the Protection of Privacy), the UN Guidelines (Article 5), the COE Convention (Article 6), the EU Data Protection Directive (Article 8), and the EU-US Safe Harbor Framework. Legal controls against the discriminatory use of sensitive information are also discussed in the World Bank’s General Principles (Principle 15). Only the APEC Privacy Framework does not require additional protection for sensitive information.

The major international instruments—including the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (Principle 10), UN Guidelines (Article 3), APEC Privacy Framework (Principle III, “Collection Limitation”), and COE Convention—also require limitations to be placed on information collection and distribution. The COE Convention, for instance, states in Article 5e that data must be “preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored.” Companies may have incentives to store personal information for longer than necessary, which can lead to suboptimal market results.9 Therefore, it is good practice to place time limitations on data retention.

Care should also be taken to ensure that public sector and private sector CRSs provide the same levels of consumer protection on the use of personal data. Both types of CRS provide data that allow individuals to be identified, and both should therefore provide the same high standard of protection for consumers.

C: DISCLOSURE AND TRANSPARENCY

C1: UNBIASED INFORMATION FOR CONSUMERS

a. Via the Internet, printed publications, radio, and TV, financial regulators should provide independent information for consumers to improve their knowledge on credit reporting and to proactively manage how their personal information appears in credit reports.
Explanatory Notes

Education on credit reporting may comprise several activities, such as a key information brochure that explains to consumers their privacy choices and their impacts, as well as rights and obligations. Depending on the country context, the type of services provided by CRS providers may vary. At minimum, consumers should be aware of the following: (i) the name of all CRS providers operating in the country; (ii) the type of sources that submit data to each of the CRS providers; (iii) the permitted purposes for data collection and access; (iv) the impact of a good or bad credit history on the consumer, such as access to credit, employment, insurance, and others; (v) the methods and protocols for ensuring data accuracy; (vi) consumers’ rights and the channels available to exercise such rights; and (vii) the role of the regulator.

It is important to help consumers understand that financing costs could be reduced if their credit report or other value-added products, such as their credit score, were improved, and to help them see how this can be achieved. Education on credit reporting should include information about the main factors that contribute to the formulation of an individual’s credit score. Regulators should ensure proper collaboration between data providers, CRS providers, and users in order to ensure that such educational materials are made available to consumers.

Regulators should ensure that this information is easy to understand and provided to all consumers through accessible channels. Examples of consumer education publications on credit reporting include the following:

• The US Federal Trade Commission’s Privacy Choices for Your Personal Financial Information;10 Building a Better Credit Report;11 Credit Repair: Self Help May Be Best;12 and Disposing of Consumer Report Information? New Rule Tells How13
• The United Kingdom’s Information Commissioner’s Office’s Credit Explained14
• The Australian Securities and Investments Commission’s Factsheet: Your Credit Report15 and Credit Reports16

NOTES

1. See General Principles for Credit Reporting (World Bank, 2011). The General Principles are part of the FSB compendium of financial sector standards.
2. See, for example, Nicola Jentzsch, Financial Privacy: An International Comparison of Credit Reporting Systems (Berlin: Springer, 2007). Jentzsch found that 80 of 100 countries in the sample had constitutional privacy-protection clauses, 35 had general data protection laws, 7 had credit reporting laws, 6 had statutory codes, and 22 had industry COCs.
3. See also Margaret Miller, “Credit Reporting Systems around the Globe: The State of the Art in Public and Private Credit Registries” (World Bank, 2000).
4. For example, the Fair Credit Reporting Act (1970) and the Consumer Reporting Employment Clarification Act (1998).
5. See http://siteresources.worldbank.org/INTGILD/Resources/ICRPrinciples_Jan2011.pdf.
6. See “Risk-Based Pricing Notice,” section 311(a) of the Fair and Accurate Credit Transactions Act of 2003, and notice of proposed rulemaking for correction of this act (Fair Credit Reporting Risk-Based Pricing Regulations, 2008).
7. Nicola Jentzsch, Financial Privacy: An International Comparison of Credit Reporting Systems (Berlin: Springer, 2007).
8. See Eric J. Johnson, Steven Bellman, and Gerald L. Lohse, “Defaults, Framing and Privacy: Why Opting In-Opting Out,” Marketing Letters 13, no. 1 (2002), 5–15. Available at https://www0.gsb.columbia.edu/mygsb/faculty/research/pubfiles/1173/defaults_framing_and_privacy.pdf.
9. See Curtis R. Taylor, “Consumer Privacy and the Market for Customer Information,” RAND Journal of Economics 35, no. 4 (winter 2004), 631–651.
10. https://www.consumer.ftc.gov/articles/0222-privacy-choices-your-personal-financial-information.
11. Building a Better Credit Report (Federal Trade Commission, May 2014), available at https://www.consumer.ftc.gov/articles/pdf-0032-building-a-better-credit-report.pdf.
12. https://www.consumer.ftc.gov/articles/0058-credit-repair-how-help-yourself.
13. https://www.ftc.gov/tips-advice/business-center/guidance/disposing-consumer-report-information-rule-tells-how.
14. Credit Explained (Information Commissioner’s Office, October 2015), available at https://ico.org.uk/media/for-the-public/documents/1282/credit-explained-dp-guidance.pdf.
15. https://www.moneysmart.gov.au/tools-and-resources/publications/factsheet-your-credit-report.
16. https://www.moneysmart.gov.au/borrowing-and-credit/borrowing-basics/credit-reports.

ANNEX C

FINANCIAL CAPABILITY

It is becoming increasingly important that people are able to manage their personal finances well—in other words, to be financially capable. However, surveys from a number of countries have shown that many people lack the knowledge, skills, attitudes, and motivation to do so. Many countries are therefore taking steps to increase their population’s level of financial capability.

BOX 6
Definitions of Financial Capability, Financial Education, and Financial Literacy

While the terms financial capability, financial education, and financial literacy have different meanings, in practice they tend to be used interchangeably.
This annex uses the following definitions:

Financial capability is defined by the World Bank Group as “the capacity of a consumer to make informed decisions and act in one’s best financial interest, given socioeconomic and environmental conditions.”1 Financial capability is the knowledge, skills, attitudes, and confidence that lead people to make financial decisions that are appropriate to their circumstances.

Financial education is a tool for increasing financial capability. According to the Organisation for Economic Co-operation and Development (OECD), it is “the process by which financial consumers/investors improve their understanding of financial products, concepts and risks and, through information, instruction and/or objective advice develop the skills and confidence to become more aware of (financial) risks and opportunities to make informed choices, to know where to go for help, and take other effective actions to improve their financial well-being.”2

Financial literacy refers to a person’s understanding of key concepts required for managing their personal finances. Theoretically, it has a narrower meaning than financial capability.3

There is widespread recognition that strengthening people’s financial capability is increasingly necessary as financial products become more complex and people obtain financial products for the first time as a result of a wider range of distribution channels, including non-bank providers. New products and services (for example, e-money, microinsurance), and the use of new delivery channels, such as mobile phones, smart cards, and agent networks, operated by new service providers (mobile network operators) can provide opportunities to reach large sections of populations that were previously underserved. Efforts to improve financial inclusion through access to basic transactional accounts, as well as through more sophisticated financial products and services, have also increased in the past decade, in part due to substantial commitments to increasing financial inclusion by international institutions, governments, and private sector players.

However, in order to take advantage of these opportunities, people need to be equipped with the knowledge, skills, motivation, and confidence to make informed decisions on how to manage their personal finances. They need to have a basic understanding of products and services and know how to take advantage of them. They then need to take actions to implement those decisions and to understand and manage associated risks, such as over-indebtedness and fraud. People who make good financial decisions and then implement these decisions are more likely to achieve their financial goals, improve their household’s welfare, and protect themselves against financial risks and negative shocks. For countries as a whole, strengthening the financial capability of a population can strengthen the economy, improve financial stability, and help to move some of the poor out of poverty.4

As shown in Box 6, financial capability encompasses not only financial knowledge, but also the skills, attitudes, and confidence of consumers—and is ultimately about consumers’ behaviors. Behavioral economics, the study of how psychological factors influence economic decision-making by individuals, identifies common human biases that can affect financial decisions. For example, people whose level of financial knowledge is low may nevertheless set aside some savings. On the other hand, a person who understands the benefits of saving, knows how to save with a financial institution, and intends to set aside savings may fail to save for a rainy day or to make provision for their retirement. This failure to translate an intention to save into concrete actions can sometimes be because, in practice, the person prefers immediate gratification or is subject to stress or other influences on their decision-making.

In addition to a person’s financial capability, other factors influence a person’s financial behavior. These factors include the accessibility of financial products and services, their affordability, and the extent to which people trust financial institutions to safeguard their money and treat them fairly (including if they have a grievance). Thus, supply-side measures need to be pursued in parallel with demand-side measures. Prudential regulation, financial consumer protection conduct regulation, financial inclusion initiatives, and financial capability initiatives are complementary, rather than alternatives, and each has a vital role to play in the development and maintenance of a stable and vibrant financial sector.

The development and subsequent implementation of a national financial capability strategy (NFCS) can provide the opportunity to involve a broad range of stakeholders and to set out a clear and agreed-upon pathway to strengthen financial capability within a country. In many countries where significant steps have been taken to strengthen the financial capability of the population, either a stand-alone NFCS or a financial capability section within a broader national financial inclusion strategy has been developed. The OECD/International Network on Financial Education defines a national strategy for financial education as “a nationally coordinated approach to financial education that consists of an adapted framework or program that

• Recognizes the importance of financial education—including possibly through legislation—and defines its meaning and scope at the national level in relation to identified national needs and gaps;
• Involves the cooperation of different stakeholders as well as the identification of a national leader or coordinating body/council;
• Establishes a road map to achieve specific and pre-determined objectives within a set period of time; and
• Provides guidance to be applied by individual programs in order to efficiently and appropriately contribute to the national strategy.”5

This annex sets out good practices (GPs) for increasing people’s financial capability that are particularly useful for policy makers, financial sector regulators, and other key stakeholders who prioritize financial capability and/or are introducing an NFCS. This annex does not cover all issues relevant to financial capability—in particular good practices regarding the operations of financial capability programs. Rather, it focuses on those topics most relevant from a policy maker’s perspective and within a policy maker’s remit. While many of the good practices discussed herein are derived from experiences in providing traditional financial education programs, the GPs also include other emerging and promising practices, such as choice architecture, timely reminders, and use of incentives as tools for encouraging behavioral change. Since circumstances vary from country to country, this annex does not seek to prescribe practices that should be followed invariably in all countries but instead synthesizes good practices from around the globe and offers alternative options where possible, for policy makers to use as a reference and to apply and adapt to their own country’s context.

More specifically, the GPs provide guidance on (a) the design of an NFCS; (b) the leadership of, and stakeholder involvement in, the design and implementation of an NFCS; (c) the selection, design, and implementation of financial capability programs; and (d) the monitoring and evaluation (M&E) of both the overall strategy and individual programs. The GPs take into account a variety of existing principles and guidelines to help increase financial capability, including the High-Level Principles on National Strategies for Financial Education and the Guidelines for Private and Not-for-Profit Stakeholders in Financial Education developed by the OECD with the guidance of the International Network on Financial Education. The GPs also draw from relevant work of international organizations such as the World Bank and global think tanks and non-governmental organizations (NGOs), including on financial capability surveys, effective financial capability programs and strategies, and M&E. The GPs incorporate the latest insights from behavioral economics as well as experiences from a range of countries in different geographic regions, with differing contexts and levels of income and capacity.

The GPs included in this annex are designed to be adoptable in a broad range of countries. However, in some less developed countries, resource constraints may mean that it may not be practicable to implement all GPs from the outset. Choices may therefore need to be made about which to implement first, with some of the GPs being regarded as medium- to long-term objectives. The explanatory notes include practical examples drawn from a mix of countries, including countries that face capacity constraints.

Finally, these GPs should be read with a few important caveats in mind. The implementation of the GPs needs to take into account the particular circumstances of the country. These include the willingness of specific stakeholders to make an effective contribution to the development and implementation of an NFCS and specific programs and activities, together with other opportunities and constraints within the country. There is no single “model” NFCS—each NFCS so far developed has significant differences from other NFCSs. Moreover, despite substantial growing interest in financial capability in recent years, research on the impacts achieved by financial capability programs remains limited and, in some cases, mixed, especially for interventions for encouraging behavioral change. The current lack of replication and of robust results from different countries limits the ability to obtain a deeper understanding of factors that can contribute to successful results in different contexts.

A: NATIONAL FINANCIAL CAPABILITY STRATEGY

a. Either a stand-alone NFCS or a dedicated financial capability section in a national financial inclusion strategy should provide a framework for all relevant stakeholders to strengthen the financial capability of the population.
b. Steps should be taken to provide robust foundations for an NFCS, including the following:
   i. An analysis of available information about the financial needs and behaviors of different segments within the population, including, if practicable, undertaking a baseline financial capability survey
   ii. The mapping of significant existing financial capability initiatives within the country
   iii. A stocktaking of good practices and relevant tools developed in other countries and at the international level
c. At a minimum, an NFCS should include the following:
   i. Definitions of key terms
   ii. The results of any financial capability surveys that have been undertaken and other relevant data about people’s financial needs and behaviors
   iii. An explanation of why it is important to strengthen financial capability in the country, who will benefit, and what the main expected benefits are
   iv. An explanation of how the NFCS relates to other national priorities
   v. The vision, goals, and objectives of the NFCS, which should be realistic and SMART—that is, specific, measurable, actionable, realistic, and time-bound
   vi. A brief description of any significant existing financial capability programs on which the NFCS will build
   vii. The key financial capability programs that form part of the NFCS and their target groups
   viii. A description of arrangements for leading and coordinating the implementation of the NFCS and for involving stakeholders (see section B)
   ix. So far as practicable, a description of arrangements for funding the implementation of the NFCS
   x. A description of arrangements for testing proposed financial capability programs in advance, monitoring and evaluating financial capability programs, and measuring progress on implementing the NFCS
   xi. An action plan summarizing the steps that will be taken over a specific timeframe, as well as the responsibilities of relevant stakeholders with regard to the NFCS implementation
   xii. An M&E framework should be developed and published for assessing the implementation of both the strategy and individual programs (see section D)
d. A manageable set of programs should be selected for inclusion in an NFCS.
e. Programs should be selected for inclusion in an NFCS only if they are likely to be cost-effective—that is, they can be expected to reach scale and significant impact at reasonable costs.
f. Programs that are selected for inclusion in an NFCS should strike a reasonable balance between reaching different segments of the population, as well as between programs that are expected to generate quick wins and those that have longer-term impacts.
g. Once it has been finalized, an NFCS should be published and communicated to stakeholders.

Explanatory Notes

More than 60 countries are developing, or have already developed and are now implementing, a national financial capability (or financial education/literacy) strategy to strengthen the population’s financial capability.6 In many cases, the strategy is aligned with other national development policies, such as increasing financial inclusion or strengthening financial consumer protection. The development of an NFCS helps provide focus and momentum, avoid unplanned gaps and unnecessary duplication, and establish sustainable partnerships. It provides opportunities to involve a broad range of stakeholders and to develop a road map setting out the steps that will be taken to strengthen the population’s financial capability.

In some countries, a financial capability strategy forms part of an overarching national financial inclusion strategy or financial sector development strategy. This can help to ensure that plans to strengthen financial capability are rooted within a broader set of national priorities. However, a potential disadvantage of this approach is that it can dilute focus from financial capability.

Baseline financial capability survey. A nationwide financial capability survey provides a useful basis for identifying target groups7 within the population that have the greatest need for financial education, together with information about the strengths and weaknesses in people’s knowledge, understanding, skills, and confidence regarding personal financial management. A survey also provides a basis for developing M&E indicators against which future progress in strengthening people’s financial capability can be measured. Therefore, resources permitting, a comprehensive financial capability survey should ideally be undertaken, and the results analyzed, before an NFCS is developed. When deciding on the size and characteristics of the sample population, care should be taken to ensure that statistically significant results can be derived, both for the population as a whole and for relevant subsections of the population (for example, for young women living in rural areas).

The World Bank has developed a survey instrument, the Financial Capability and Consumer Protection questionnaire,8 to measure financial capability. The questionnaire has been tested extensively in low- and middle-income countries and can be adapted to fit country-specific contexts. To date, the survey instrument has been used in more than 20 countries in Africa, Latin America, East Asia and the Pacific, the Middle East, and Europe. Other international financial capability and literacy measurement instruments and resources are available from the World Bank’s Responsible Financial Access Team,9 the OECD,10 and the Alliance for Financial Inclusion. A review conducted by the World Bank of existing approaches to measuring financial literacy and financial capability also provides a useful reference for policymakers.11

The adaptation, testing, implementation, and analysis of a nationwide financial capability survey are expensive and likely to take eight months or longer to complete. If it is not feasible to undertake a comprehensive survey due to resource constraints, policy makers should try to leverage the results of any surveys that have already been undertaken, such as FinScope surveys,12 which explore consumers’ perceptions toward, and use of, financial products and services. A few financial capability questions can also be incorporated into any broader survey that is already planned, such as a general household survey or a financial inclusion survey. Other data sources that should be leveraged to build up a picture of people’s financial capability include consumer complaints data (which may provide insights into areas where people’s financial knowledge is erroneous or lacking) and supply-side data (for example, on non-performing loans and dormant accounts). Key results of any relevant surveys and other pertinent data should be summarized in an NFCS and taken into account when identifying target groups and deciding on the nature and content of interventions to strengthen the financial capability of these groups.

Mapping of existing financial capability initiatives. Significant existing financial capability initiatives by public, private, and non-profit organizations should be mapped. These organizations may include not only government ministries and agencies but also financial service providers, credit bureaus, educational organizations, employers, NGOs, and donors. The mapping of existing initiatives can help to identify those initiatives that can potentially be built on, gaps in coverage (for example, population segments and geographic locations), and relevant and credible partners for the design and implementation of the NFCS. Mapping helps to avoid duplication of efforts in the strategy and to identify good practices and lessons learned from existing efforts.

At a minimum, the mapping for each initiative should include the identity of the implementing institution(s) and any available information about the type of initiative (for example, face-to-face basic financial education for farmers); whether it is part of a broader initiative; target populations; delivery channels; delivery locations; topics covered; languages of delivery; duration of the initiative; when it was first implemented; whether it has been independently evaluated; and, if applicable, a website link. If possible, the mapping should also include any available information regarding costs, outreach, achieved impacts, lessons learned, and future plans.13 It is useful to summarize the results of this mapping in the NFCS, such as in an annex.

Mapping should not include so-called “financial education” that is in reality marketing campaigns for financial products or services of a specific provider, rather than information that is applicable across providers. However, it should include significant initiatives—by financial providers or others—that aim to influence people to behave in more financially capable ways (such as reminders or other prompts to save money).

Taking stock of successful financial capability initiatives in other countries. When developing an NFCS, policy makers should also consider successful initiatives and good practices in other countries as well as good practices and relevant tools developed at the international level. Some of these are referred to in section C of this annex.

Minimum contents of an NFCS

Definitions. The NFCS should define key terms (including financial education, financial literacy, and financial capability, depending on which term(s) are used in the NFCS). See Box 6 for guidance on possible definitions. While the terms financial education, financial literacy, and financial capability have different meanings in theory, they tend to be used interchangeably in practice. Therefore, for use in the NFCS and in communications, it can be better to pick the term(s) that stakeholders and the wider population in a particular country are most likely to understand generally. Stakeholders should also be able to understand and remember easily the definition selected, so that they can use this definition when communicating with others. It is therefore helpful to pick a definition for the NFCS that is short and simple.

Benefits of strengthening the financial capability of the population. An NFCS should set out the benefits that different stakeholders can expect to gain as a result of strengthening the financial capability of the population. Stakeholders are more likely to support and contribute to the development and implementation of an NFCS if they understand the potential benefits to them. Typically, these benefits include the following:

• Consumers: Consumers can make their money go further (for example, by earning more interest on their savings and by paying less interest on their borrowing, saving for future emergencies or other needs, and protecting themselves against financial risks, such as by saving with regulated financial institutions and taking out appropriate insurance); reach retirement with sufficient financial provision to enable them to enjoy a reasonable standard of living; exercise their rights as financial consumers; and be less vulnerable to mis-selling and financial frauds and scams.
• Financial service industry: It makes good business sense for financial service providers to have consumers who have an understanding of financial issues and are engaged, rather than disengaged or suspicious. Consumers who have confidence in their ability to manage their personal finances are likely to be more active in acquiring financial products and services, which can help to reduce marketing costs and increase business volumes. Financially capable consumers are also less likely to acquire unsuitable products or services, or products or services that they do not understand, reducing the likelihood of dissatisfaction and consumer complaints.
• Government bodies and financial sector authorities: Improving the population’s financial capability can help to improve financial stability, stimulate savings, promote financial inclusion, and reduce overindebtedness, ultimately helping to reduce poverty. Moreover, it is in the interests of government agencies that support vulnerable groups (for example, people who live in rural areas or agricultural workers) that these people manage their money well.
• Educational organizations: Personal financial management is an important life skill not only for students but also for teachers. Teachers can benefit from being trained to deliver financial education to their students, since this will not only help them to manage their own family’s personal finances but also equip them to help their students acquire life skills that they will need as they move into adulthood.
• Employers: Employees who are in financial difficulties may well be distracted by these worries and therefore be less productive at work. Financial education can reduce the risk of employees getting into financial difficulties.
• NGOs: Many of the people whom NGOs typically support face financial stress. Improving people’s financial capability can help them not only tackle those challenges but also avoid getting into financial difficulties in the first place.

Other national priorities. An NFCS should explain the linkages between strengthening the population’s financial capability and the achievement of other relevant national priorities.
These priorities can potentially include financial stability, financial sector development, promoting financial inclusion, improving financial consumer protection, and poverty reduction.

Funding. To the extent possible, an NFCS should include funding arrangements for implementation of the NFCS. In addition to funding financial capability initiatives, there should be sustainable core funding for the leadership and coordination of NFCS implementation itself. Core funding is typically provided by the lead organization of the NFCS. A lower level of funding is likely to be available in the early stages of developing an NFCS, but more funding could be allocated if and when implementation of the NFCS can begin showing success.

Potential sources of funding for financial capability initiatives include: the government’s central budget, the central bank and other financial sector regulators, public-private partnerships, financial service providers, foundations, donors, and implementing organizations’ own resources. The development of an NFCS demonstrates that a country is committed to strengthening financial capability and has a plan to do so, which can serve as an encouraging sign for donors to contribute funding for financial capability initiatives.

Alternative models for funding of financial capability initiatives include the following:

• Stakeholders voluntarily provide funding and/or in-kind support for specific activities that are aligned with the stakeholders’ interests and objectives, with the lead organization also providing core funding. This is the model used by the majority of countries that have developed an NFCS.
• Stakeholders either compulsorily or voluntarily contribute funds into a central pot. The allocation of these funds is determined by the lead organization, in conjunction with any steering or coordinating committee. In practice, however, stakeholders often tend to prefer to retain control over funds that they allocate for financial capability initiatives and to be able to see specific results from use of their funds.

Another potential model is for each financial service provider to be obligated to undertake, at its own expense, some financial education activities. While this model is used in some countries, it raises several issues. It may generate relatively small-scale initiatives with little reach or impact. It may also result in a lack of coordination, with both overlaps and gaps as well as inconsistent messages being delivered to target populations. Finally, it may be difficult to ensure that financial education initiatives are genuinely useful to consumers and objective.

Action plan. An action plan should be published at the same time as the NFCS. The action plan should set out specific and measurable activities, together with the responsible entities, timeframes, and prioritization level of each activity. The activities should cover the development, testing, and implementation of financial capability programs, as well as communications with the public and partners/stakeholders (for example, to share lessons learned). The action plan should be reviewed regularly (ideally on an annual basis) and amended as necessary.

Setting priorities for an NFCS is essential in order to maximize the impact of available resources. If an NFCS is too ambitious as a result of excessive or unrealistic priorities, resources will be spread too thinly, and limited concrete progress may be achieved. Priorities will vary from country to country, depending in part on a country’s broader objectives, the findings from any financial capability survey(s) and other relevant data, the mapping of existing initiatives, characteristics of the population, and opportunities available in that country. In consultation with key stakeholders, priorities should be set for the strategy’s objectives, target groups, and programs.

The following criteria should be considered when determining which activities are cost-effective and impactful:

• Need. Which groups within the population (for example, children, youth, women, micro- and small entrepreneurs, elderly) have the greatest need for improvements in their financial capability, and which issues (budgeting, saving, understanding how to use digital financial services, responsible borrowing) are most important for each group?
• Potential reach. How many people are likely to be reached by a program? Some programs are likely to reach people indirectly as well as directly. (For example, children who have received financial education in schools can help their parents manage the family’s finances.) Mass media and new technologies offer the potential to expand reach, delivering messages to many people at low cost. But some recipients may not take sufficient note of such messages, so the impact of such messages may be limited.
• Costs. The costs involved in developing and delivering financial education programs vary widely and depend on a number of factors, including the number of people reached, methodology (for example, face-to-face training, mass media, digital tools), accessibility of the target population, whether educational materials will need to be translated into different languages, and duration of the program. Opportunities to harness resources that may be available free of charge or at minimal cost should be leveraged.
For example, a gov- Annex C: Financial Capability   225 ernment agency or NGO that supports people in rural ered through both traditional and new media targeted areas may be willing to deliver financial education. at young people. • Effectiveness. Program experience within a country, as • Financial education in larger workplaces. For example, well as international good practices and experiences, members of an employer’s personnel or training should be taken into account in assessing the potential departments could be provided with financial capabil- effectiveness of a program. For example, people tend ity presentations, and trained to deliver them effec- to form attitudes toward money at a young age. Thus, tively to employees. financial education for younger children has the poten- • Financial capability programs/messages delivered by tial to be more effective for certain goals, by helping trusted intermediaries. Trusted intermediaries can in- establish at an early age positive money-management clude government ministries and agencies (for exam- habits that can continue throughout a person’s life. ple, those supporting youth, women, rural areas, or the • Feasibility. The feasibility of a potential program agricultural sector); ministries of education, schools, should be assessed realistically. For example, even if it and universities; health workers; community leaders; is widely accepted that financial education could community-based organizations; NGOs; and religious potentially be delivered effectively through entertain- leaders. These intermediaries can be leveraged to ing TV programs, it would not be realistic to prioritize deliver targeted financial capability programs or mes- this type of program if it was clear either that no broad- sages during their regular contacts with clients. Orga- caster was interested or that no one was willing to nizations that are trusted by their target audiences are meet the costs of developing good-quality programs. 
well-placed to deliver guidance on how people can protect themselves against, for example, financial Balancing population segments and short- and long-term frauds, scams, and mis-selling. gains. In making judgments about which programs to pri- oritize, it is important to ensure that there is a reasonable • Financial capability programs/messages integrated overall balance between programs targeted at different into cash-transfer programs. Since cash-transfer pro- segments of the population (for example, different age grams have program staff and infrastructure already in groups, different income levels, women and men, rural place, including training for consumers, and reach and urban areas). There should also be a reasonable bal- large numbers of excluded populations, these pro- ance between programs that can be expected to gener- grams can be used to deliver financial education. ate quick wins and programs that can be regarded as Cash-transfer beneficiaries may be receptive to new longer-term investments. For example, financial educa- information and to changing their behaviors when tion for children is a longer-term investment, because it is receiving their transfer, as this is potentially a “teach- likely to take years before this leads to significant changes able moment” (see section C) when information is in financial behavior. more likely to be retained and cash-management The following financial capability programs are often behaviors influenced.14 undertaken in an NFCS: • Financial education through social networks. Social • Financial education in schools. Such programs should networks and communities can help promote and nor- be coordinated closely with relevant education author- malize positive changes in financial knowledge, atti- ities, including ministries of education. In virtually every tudes, and behaviors. Organized groups, such as country, curricula are crowded. 
It is likely to be more women’s savings groups, youth clubs, church groups, practical to incorporate financial education into an and workplace groups, can provide opportunities for existing subject than to add a new subject, such as peer learning and sustained social support. They can financial education, into an existing curriculum. Teach- also reinforce learning and encourage perseverance to ers need to be trained, so they have the knowledge, reach financial goals. Individuals who participate in skills, and confidence to provide effective financial financial education programs often share what they education to their students. If financial education is learn with family members and friends, resulting in a included in school curricula, this needs to be reflected positive multiplier effect. Training of trainers also pro- in public examinations, so that students have a clear duces multiplier effects. For example, HerFinance is a incentive to learn. global workplace-based financial education program that targets low-income women working in factories • Financial education/financial capability messages to and connects them to appropriate financial services. youth (for example, programs targeted at children of Local partner NGOs train female workers to serve as school age, university and college students, and mem- peer educators in their workplace and for members of bers of youth clubs and associations). This can also their communities.15 include financial capability messages that are deliv- 226   Good Practices for Financial Consumer Protection • Financial education websites. A number of countries Technology platforms and mass media channels pro- have developed financial education websites. Exam- vide opportunities to disseminate information in a ples include Australia’s MoneySmart website16 and manner that bridges great distances to reach large New Zealand’s Sorted website.17 numbers of people and widely dispersed populations in a timely manner and at lower cost. 
Regular engage- • Financial education via traditional and new media ment and customized approaches that take into channels. For example, newspapers and magazines, account individuals’ circumstances are key to utilizing TV and radio, text messages, social media and apps. such channels effectively. B: LEADERSHIP AND STAKEHOLDER INVOLVEMENT IN AN NFCS a. A credible lead organization should be identified to lead the development and coordination of an NFCS. b. Well-resourced executive support should be made available by the lead organization. c. Government support should be secured for the development and implementation of an NFCS. d. Stakeholders from the public, private, and NGO sectors should be involved in both the development and the implementation of the NFCS. e. A dedicated, national-level, multistakeholder structure should be established to oversee or advise the lead organization on the oversight of an NFCS and key financial capability programs. f. The private sector should play an important role, but marketing initiatives should not be put forth as financial capability programs. Explanatory Notes • Advocating for financial capability at the national pol- icy level and with stakeholders Lead organization. The lead organization for an NFCS needs to have credibility with stakeholders and the public • Consulting with stakeholders and must be able to devote sufficient time and resources • Ensuring that priorities are set and that unnecessary to undertake its role effectively. In most countries with an duplication and unplanned gaps are avoided NFCS, the lead organization is a public sector body, most often the central bank or another financial sector regula- • Building partnerships and coordinating tor. 
Typically, one of the main challenges in the develop- • Promoting good practices and high-quality standards ment and implementation of an NFCS is initial buy-in by for programs stakeholders and their long-term commitment to an • Maximizing cost-effectiveness NFCS’s objectives and activities.18 The lead institution needs to have the authority and influence to help per- • Overseeing funding, where appropriate suade stakeholders to participate, forge partnerships • Monitoring and evaluating the overall strategy and pro- between key public, private, and civic sector organiza- moting effective M&E of financial capability programs tions, and secure the necessary resources and actors for implementation of the activities set out in the NFCS. • Communicating with the public and stakeholders (for Experience from a broad range of countries shows that example, disseminating lessons learned and resource the development and implementation of an NFCS is more materials produced by partners and reporting on prog- effective if there is strong leadership to drive work for- ress in meeting NFCS milestones) ward. The lead organization should not attempt to do In some countries, two or more organizations may jointly everything itself. In every country, the improvements that lead the NFCS. This arrangement can increase the are needed in the population’s financial capability are resources available to lead and coordinate work. How- beyond the scope of any single organization to achieve on ever, potential disadvantages are delays in reaching deci- its own. Instead, leadership should involve the following sions and uncertainty in the case of disagreements among actions: leads. If there are joint leaders, it is important that the • Spearheading the development and implementation responsibilities of each leader are set out clearly and pro- of a NFCS tocols are put in place to enable any differences of view to be resolved swiftly and effectively. 
Sufficient staff support. The lead organization will need sufficiently motivated staff with relevant skills to enable it to undertake effective leadership and coordination. Effective leadership and executive support are particularly important in the field of financial education because a wide range of (often unconnected) organizations can potentially be involved in developing and delivering programs. Priorities need to be set, and the activities of organizations involved in the development or implementation of financial education programs need to be coordinated in order to best utilize resources. One of the most common causes of failures in effective implementation of NFCSs is the failure to put in place sufficient staff with the right skills and motivation to support the lead organization.

A variety of roles are typically undertaken by the NFCS team within the lead organization. When identifying staff to provide support for an NFCS, it is important to ensure that they have the skills and experience to enable them to undertake the following sorts of roles:
• Promoting the case for improved financial education to stakeholders and more generally within the country
• Securing the support and involvement of key potential partners, including through fundraising
• Ensuring that priorities for the strategy are set appropriately, so that resources are used cost-effectively and are not spread too thinly
• Promoting high standards in the design and implementation of financial capability programs—for example, by issuing guidelines to stakeholders and making available high-quality resources
• Informing stakeholders about overall progress regarding implementation of the NFCS, financial capability activities that are being undertaken, future plans, and good practices within the country and elsewhere
• Where necessary, initiating financial education programs or ensuring that suitable programs are initiated
• Ensuring that activities are coordinated to avoid duplication and waste of resources
• Identifying needs for technical assistance and ensuring that such assistance is provided
• Developing a financial capability website
• Monitoring and evaluating the implementation of the strategy
• Providing advice to stakeholders on the effective M&E of financial capability programs and collating and disseminating to stakeholders the results of M&E exercises
• Commissioning, interpreting, and disseminating the results of national financial capability surveys

National-level, multistakeholder coordination structure. In a number of countries, the lead organization is supported by an oversight or advisory body. Typically, these bodies comprise around 12–15 senior people drawn from a range of public, private, and NGO/donor organizations. This body can play a role in overseeing or advising on the development and the implementation of the NFCS. It can also be helpful to establish working groups of technical experts drawn from relevant sectors to help develop and oversee the delivery of financial capability programs.

For example, in Uganda, a Financial Literacy Advisory Group comprised of 11 representatives from the public, private, NGO, and educational sectors was established to provide strategic advice to the Bank of Uganda (the lead organization) on the development and implementation of the Strategy for Financial Literacy. In addition, five working groups (one for each topic) were established to develop cost-effective, sustainable, replicable, scalable, and well-targeted activities for strengthening financial literacy.

It will often take some time for people who serve on steering committees and working groups to gain a good understanding of how best to strengthen financial capability. Therefore, it is preferable to ensure reasonable continuity in the membership of such bodies.

Stakeholder involvement. Stakeholders from the public, private, and NGO sectors who can potentially provide technical or financial support should be involved in the development and implementation of the NFCS and financial capability programs. Stakeholders should possess a broad range of skills and experience to draw upon. Stakeholders are more likely to be willing to contribute to the implementation of an NFCS if they have been given opportunities to help shape the NFCS, rather than being presented with a completed product. Stakeholders should be consulted on key components of the NFCS, including the vision, goals, and objectives; existing financial capability programs; gaps and issues that need to be addressed; programs that should be prioritized; and issues on which they need support or guidance. The consultation process can help promote a sense of ownership and legitimacy in the NFCS that will be crucial in the implementation phase of the strategy.

For all stakeholders, their roles and responsibilities should be “consistent with their strengths, interests, and resources” as well as “flexible to adapt to changing circumstances and allow for negotiations among stakeholders to avoid duplication.”19

The following public sector stakeholders can potentially play important roles:
• The central bank and any other financial sector regulators
• Government ministries (for example, finance, education, and ministries responsible for youth, women, social protection/cash-transfer programs, rural/agricultural areas, and health)
• State-owned banks (as their clients often include people with lower incomes or lower educations)
• State-owned enterprises and government agencies
• Public schools and universities

Potential civil-society stakeholders include relevant NGOs, community-based organizations, private schools and universities, trade unions, consumer advocacy groups, and the media.

Private-sector stakeholders include the full range of financial service providers, their industry associations, credit bureaus, employers, and telecommunications companies. Support from the private sector can range from developing and implementing specific financial capability programs to contributing resources, such as funds, manpower, expertise, and accommodation, to programs that are being led by others. Marketing initiatives to promote specific financial products or brands should not be disguised or promoted as financial education programs. However, this should not preclude initiatives (for example, reminders or other prompts to save money) by financial service providers that aim to influence people to behave in more financially capable ways. Potential conflicts of interest, such as the marketing of specific financial products or brands instead of the provision of objective financial information, can be mitigated through guidance and monitoring of stakeholders involved. National codes of conduct or quality standards for financial capability programs can be developed and overseen by the lead organization. (See section C.)20

C: FINANCIAL CAPABILITY PROGRAMS AND ACTIVITIES
a. A variety of channels and delivery mechanisms should be used for financial capability programs, including both face-to-face training programs and non-traditional channels that leverage technology, mass media, or behavioral interventions, such as nudges, reminders, and choice architecture.
b. The delivery channels for, and content of, financial capability programs should be client-focused and reflect the demographics, cultural and financial context, and learning needs and preferences of the target population.
c. Financial capability programs should be cost-effective and make optimal use of resources.
d. Financial capability programs should be designed not only to increase recipients’ knowledge, but also to enable them to develop and practice their skills, to instill responsible attitudes, and, most important, to promote financially capable behaviors.
e. So far as possible, financial capability initiatives should be fun, entertaining, and interactive and use simple messages that will resonate with the target audience. Where practical, they should involve “learning by doing.”
f. Financial capability programs should be delivered at “teachable moments.”
g. Financial capability messages should provide objective advice and should not be used as marketing initiatives for financial products or services.
h. Financial capability messages should be repeated and reinforced over time, as one-off interventions are unlikely to be successful.
i. So far as practicable, financial capability programs should build on successful programs already being undertaken in a country and leverage insights from the existing evidence base of effective financial capability programs in other countries.
j. If practical, a system of accreditation of financial capability initiatives should be introduced, and an online platform and database of resources created.

Explanatory Notes

After an NFCS has been developed, the effective implementation of financial capability programs is critical to the success of the NFCS. Policy makers should take into consideration the following success factors, which can improve the effectiveness and impact of financial capability programs and activities.

Variety of delivery channels. Different people learn in different ways. Thus, it is good practice to make use of a variety of channels and methods. If people hear similar messages several times through a variety of channels and methods, this can help to reinforce such messages.

Key considerations in selecting delivery channels are their level of accessibility to the target population and their effectiveness. Accessibility concerns include location (if face-to-face training is involved), timing, duration, and frequency of the program, including whether it fits with the target audience’s schedule. The use of mobile technology and other new media is growing, but it is important to consider how many members of a target audience for any specific initiative have ready access to such devices or the Internet. For example, while mobile phones are fast becoming ubiquitous in low-income countries, some sections of the population may still have limited access, including economically vulnerable people who own SIM cards but do not own their own phones, or adolescents who rely on their parents’ mobile phones. Poor network connectivity or limited access to electricity in some areas also limits access. In terms of effectiveness, interventions based on text messages are unlikely to be effective among sections of the population with poor literacy levels. Moreover, some people will be more receptive to information that is delivered face-to-face.

Effective design for face-to-face training. Participant take-up and completion of voluntary financial capability programs are often difficult to achieve. It can be harder still to bring about longer-term change in knowledge, skills, attitudes, self-confidence, and behaviors. Participating in programs competes with other demands and pressures in people’s daily lives. Unless individuals clearly understand the benefits and relevance to them of the financial capability program, they are unlikely to register, attend regularly, and make real improvements in their financial capability. Psychological biases that influence individuals’ participation in programs and financial behaviors should also be considered when designing financial capability programs.

A key challenge that needs to be tackled when devising financial capability interventions is ensuring that they address the learning needs and preferences of the target populations. Too often, programs are designed without sufficient consideration given to the priorities and concerns of the target audience. As a result, programs may not sustain participants’ interest or address their specific needs. The quality of the content, and the way in which a program is delivered, affect the outcome of a financial capability program.

Good design begins with a client-centric focus and an understanding of the target population’s demographics and the group’s cultural and financial context. For example, the following key questions should be asked:
• What stage are they at in their financial lives and which types of financial issues do they typically encounter?
• Based on the above question, what are the relevant priority financial issues or topics they need to understand better?
• What are the potential biases that might provide a barrier to behavioral change?
• How can the information or levers to encourage behavioral change best reach the target audience, considering their sociodemographic background (for example, gender, age, education, literacy level, income level) and culture?

A few focus group discussions with members of the target audience can help to answer these questions. The results of any financial capability surveys and other relevant data should also be taken into account.

Situations, stories, examples, terminology, and visual aids used in financial capability programs need to be relevant, culturally appropriate, and emotionally engaging. Delivery methods should reflect the target group’s learning needs, styles, and preferences. For example, for low-literacy participants and other groups possessing a strong oral tradition, programs should rely on oral or visual presentations. People should also be able to perceive the program’s immediate usefulness and real-world relevance to their lives. This helps to maximize participant take-up and retention in the program and to motivate them to apply the new information, skills, or sense of confidence in their finances.

Technology can potentially provide a customized learning experience for individuals. For example, in Chile, computer kiosks installed in social service offices provide individuals with projections of their pension payouts based on their personal financial profiles. They also provide a simulator to indicate how individuals’ different financial decisions might affect their payouts. Individuals who have had this personalized learning experience are more likely to make voluntary pension contributions and to increase the amount they contribute, compared with people who received generic information about the benefits of contributing to pensions and how to increase their payouts.21

So far as practicable, participants should be given ample opportunities to reflect on, pose questions about, and practice what they have learned, thus encouraging them to be active agents in their own learning. As much as possible, training (whether face-to-face or online) should involve dialogue between trainers and participants and/or among participants, so that learning is not one-directional (only from trainer to participants) but is instead an interactive process that also involves participants providing information, questions, and opinions. Interactive learning can occur through a variety of means, such as classroom discussions, games, group activities, and online discussion forums, and through online financial tools, such as savings, debt, or retirement calculators, where participants input their data to estimate the amount of money and time needed to reach their financial goals. Interactive learning should aim to anchor the content within participants’ experiences and help them to apply what they have learned.

Face-to-face financial education is more likely to be sustainable if it is integrated into existing programs with a broader purpose. Face-to-face training can be expensive to deliver as a stand-alone intervention. But if financial education is integrated into initiatives with a broader purpose, such as livelihood training for social protection beneficiaries, workplace training, or school curricula, it can be more affordable and reach large numbers of people.

Non-traditional delivery mechanisms incorporating behavioral insights. Recent research examining financial decision-making by people in poverty suggests that the stress caused by coping with financial problems can severely reduce the cognitive ability to make better choices, potentially causing a negative feedback loop and reinforcing the conditions that gave rise to poverty in the first place.22 “Financial illiteracy and perverse behavioral biases are two related but distinct aspects of the same overall problem: poor financial decision-making.”23 Research has found that some financial capability programs can be effective in changing financial behavior—even if the financial literacy of the target participants has not improved—by appealing to people’s emotions and sticking in their memories. Financial capability can be improved through a variety of different methods that take into consideration behavioral insights, including non-traditional delivery channels and mechanisms, such as edutainment, nudges, choice architecture, or technology-enabled solutions.
• Edutainment. When financial education is fun and entertaining, it can spark and hold participants’ interest. “Edutainment” combines educational content with entertainment to improve learning by making it more enjoyable. Dramas, stories, and other narrative devices that appeal to emotions can be effective tools for communication. Research suggests that non-traditional delivery channels, such as TV dramas, can bring about significant improvements in knowledge and behavior; viewers’ emotional connections with characters and their stories play a key role in motivating these changes.24 However, the cost of producing and broadcasting TV programs can be very high and may not be affordable in some environments. Games can also provide opportunities for participants to learn and practice knowledge and skills in a safe and entertaining way. A research study on online games in which adults from low-income and minority groups practiced navigating finances through a series of evolving circumstances suggested that participating in the game led to increases in financial knowledge and self-confidence. However, the scope of the study was limited, and the sample size relatively small.25
• Nudges. Nudges can include sending reminders, using peer pressure, and providing incentives. For example, regular, timely reminders about making a deposit can help to flag the importance of saving as part of an individual’s routine financial decision-making process, prompt individuals to take action, and encourage the habit of saving. When paired with a pre-identified savings goal, reminders serve to highlight to individuals their original reason for delaying current consumption and help them to control their spending. Employers can incorporate nudges and reminders into their payroll systems. An experiment in the Philippines found that reminders from their bank increased the likelihood of clients reaching a savings goal and increased the total amount saved. Reminders that referred to the client’s pre-stated savings goal were even more effective in increasing the client’s savings.26 Other nudges can entail financial incentives, such as savings lotteries, which can make saving behavior more attractive by giving savers a chance to win prizes. In Nigeria, a national marketing campaign along with a lottery promoted savings and resulted in improvements in savings behavior and the use of financial products over the short-term.27
• Choice architecture. Changing default options from “opt in” to “opt out” harnesses the status quo bias for positive results. An example is automated payroll deductions that deposit directly into retirement accounts but allow individuals to stop the deductions at any time. The status quo bias means that individuals are unlikely to opt out of these deductions, so their retirement savings will grow more than otherwise. Employers can increase the likelihood that employees will contribute to a private pension scheme by making pension deductions the default option, instead of requiring employees to actively opt in if they wish to contribute. Commitment devices, such as a savings product that restricts or penalizes withdrawals before a specified date, are another example of leveraging choice architecture to alter savings behavior. Research has demonstrated that there is significant demand for commitment savings products, and that those individuals who are more impatient—that is, more likely to be tempted by present consumption than by future gains—are the most likely to take up a commitment savings product.28
• Leveraging technology. The explosion of data created by social networks and mobile phone usage, substantial improvements in the power of and decreases in the cost of computing, and advances in analytics, particularly machine learning, have led to an increase in the use of artificial intelligence in the financial services industry.29 Examples of how artificial intelligence can be deployed to help people make sound financial decisions include automated financial advisors and planners. For instance, IBM Watson has developed a virtual agent, Eva, that enables app users to complete transactions, such as transferring money and paying bills. Another example is smart wallets, such as Wallet.AI, that can monitor and learn users’ habits and needs, then alert and coach users to alter their personal spending and savings behavior. Such technology-enabled solutions hold promise to deliver real-time customized financial advice, calculations, and forecasts at reduced costs based on users’ needs and habits, although the jury is still out on the long-term effectiveness of these solutions to encourage positive behavioral change.

Financial education at “teachable moments”: Financial capability programs should leverage so-called “teachable moments”, those times in people’s lives when they are facing important financial decisions and may be more likely to be receptive to financial education. Teachable moments can include when someone starts university or college, starts a new job, gets married, starts a family, starts a business, buys a home or a car, becomes eligible to join a pension scheme, prepares for retirement, or lives in retirement. Stakeholders more likely to reach people at such moments include government ministries and agencies, such as social protection ministries that provide targeted cash/electronic transfers when their beneficiaries need them the most, NGOs, financial service providers that provide financial products around life events (for example, savings products for children’s education, loans to launch a business).

Reinforcement. Results from recent WBG financial capability programs point to how difficult it is to improve financial capability among the poor via sustained behavioral change over the longer term.30 One-time interventions, such as workshops, can have an impact in the short-term, but over time, these effects fade, and individuals revert to their former behaviors. Periodic reinforcement and longer-term exposure to information are needed to sustain knowledge and behavioral change. Financial capability programs should aim to combine interventions with short-term impact (for example, workshops, temporary financial incentives) with tools and treatments to help individuals maintain positive behaviors over the longer term, such as commitment devices, reminders, embedded financial education, personalized financial tools that track people’s finances and their progress toward goals, and social network platforms. Financial education integrated into school curricula and reinforced at home can also help to develop life-long positive financial habits starting at a young age.

Opportunities to practice skills. The application or practice of new knowledge and skills can help individuals to build confidence and develop skills. For example, new users of formal financial services may learn or practice how to use a service through their dealings with front-line staff or bank agents. Simulators for automated-teller machines and mobile banking provide opportunities for individuals to learn how to transact safely when using digital financial services. Where feasible, practice should be integrated into the design of a program, so that people can practice what they learned immediately through a real-life or simulated context.

Build on existing evidence base of effective programs. Where practical, programs that are included in an NFCS should build on successful financial capability programs already being undertaken in a country. This can reduce costs and increase the prospects that the programs will be effective. However, it is important that the programs that are built on have genuinely been successful. Where possible, opportunity should be taken to make improvements to the content of the program or to the delivery mechanisms that are used. Insights from effective financial capability programs in other countries should also be considered.

Accreditation of financial capability initiatives. It can be helpful to introduce a system of accreditation of financial capability initiatives, so that stakeholders and the general population can be confident that the initiative can be trusted. In Brazil, the National Committee for Financial Education enables organizations that deliver financial capability initiatives to apply for accreditation, which is granted if the initiative meets specific criteria, including if it incorporates appropriate educational principles, is inclusive, is provided free of charge, does not involve the commercial promotion of products or services, and incorporates an M&E methodology.

Online platform and database of financial capability sufficient staff to review every submission in detail, it does resources.
The creation of an online platform and data- undertake some checks on website content and has base of financial capability resources enables financial edu- rejected submissions from financial service providers that it cation providers to gain access to a variety of resources. felt were commercial in nature (for example, an account The Financial Consumer Agency of Canada maintains the selector tool that points only to accounts from that pro- Canadian Financial Literacy Database, a comprehensive vider). In the United Kingdom, the Personal Finance Edu- list of resources, events, interactive tools, and information cation Group includes on its website descriptions of offered by financial education providers and a tool for resources that help those who teach young people about those involved in financial education to network and iden- money. It enables teachers to search for resources by both tify potential collaborations with other organizations. While topic and the age group at which the resource is aimed, the Financial Consumer Agency of Canada does not have and it includes links to many of these resources. BOX 7 Lessons Learned from Select Financial Capability Programs 1. Financial education in schools in Brazil. A large-scale finan- transfers in order to meet critical day-to-day needs and cial education program was designed and delivered to invest in the development of their families. The financial 26,000 secondary-school students in 900 schools. Initially education module also aimed to strengthen beneficiaries’ beginning with a pilot from August 2010-December 2011, understanding of relevant payment mechanisms, including the program has since been rolled out nationwide. The class- electronic payments.32 room training focused on a broad range of themes, including Preliminary findings/lessons learned from pilots: These saving, budgeting, and general financial management. 
A pilots demonstrated how financial capability programs can complementary workshop was offered to parents to involve be produced using little if any reading material, since it them in their children’s financial education. The content of relied essentially on oral content supported by audio and the textbook and materials in the program, which had been visual materials. They also showed how a continuous series designed by experts, was highly relevant to the students. of day-to-day life stories, presented in a series of sketches, The teaching staff were well trained and motivated with can cover various financial capability topics. incentives. The exposure to financial education was over a significant period of time (three academic semesters). 3. Edutainment through TV soap operas in South Africa. Findings/lessons learned: A study of the program found sig- Financial education messages on debt management were nificant increases in students’ financial proficiency scores integrated into the storyline of a popular prime-time soap and in their savings. Their intentions to save and financial opera, Scandal. The financial storyline, which ran for two autonomy also improved significantly. Parents experienced months in 2012, featured a leading character who borrows “trickle-up impacts” as well, showing significant improve- irresponsibly and finds herself in financial distress. ments in their financial knowledge, savings, and spending Findings/lessons learned: Viewers who watched the financial behavior.31 storyline showed significant improvements in their financial knowledge and behaviors around debt management. View- Integrating financial capability into government cash- 2. ers were more likely to borrow from formal sources and less transfer programs in West Africa. In Guinea, Liberia, and likely to engage in gambling or enter into hire purchase Sierra Leone, tailored financial education modules were (installment-plan) agreements. 
Qualitative focus groups with developed for recipients of social protection programs and viewers indicated that their emotional connection with the pilot tested in 2017. Modules were also developed to leading character was a key motivation in changing their enable their trainers to deliver financial education effec- behavior. Financial education messages delivered through tively. The financial education module aimed to enhance the leading character tended to be more memorable to the skills of beneficiaries to respond to income shocks, such viewers than when those messages were delivered by a new as the one caused by the Ebola crisis, proactively manage character developed specifically for the financial storyline their household finances, and make effective use of their and outside of the show’s normal cast of characters.33 Annex C: Financial Capability   233 D: MONITORING AND EVALUATION a. An M&E framework, covering both the NFCS as a whole as well as key financial capability programs, should be developed alongside the NFCS. b. The M&E framework should be published, either as part of the NFCS or separately. c. A national survey to measure financial capability should be conducted regularly (around every five years) to identify changes in the level of financial capability of the population over time and adjustments that may be needed to strategy priorities and programs. d. An annual review should be undertaken of the implementation of the NFCS. e. Before finalizing and launching a financial capability program, the program should first be tested through the use of focus groups and/or a small-scale pilot program. f. To the extent possible, strategically important, costly, and promising innovative programs should be rigorously evaluated prior to their national rollout to ensure that programs are rolled out only where there is evidence that they will achieve their intended impact. g. Where resources permit, the use of external evaluators should be encouraged. 
Explanatory Notes their financial knowledge, behaviors, and attitudes. Finan- cial capability indicators, developed from information col- M&E framework. A robust and well-planned M&E frame- lected by a national survey, should be used to create work will enable informed assessments to be made about benchmarks against which progress can be measured the effectiveness of the NFCS as a whole—including the over time. Simple indicators should be developed to impact on the overall population and on key target identify the percentage of the population with particular groups—as well as the effectiveness of individual financial attitudes and behaviors. For example, the WBG Financial capability programs. Increasing financial capability is a Capability and Consumer Protection surveys track the per- long-term endeavor, and it may take several years before centage of adults that plan how to use money they significant impacts emerge across the population. The receive, try to save for the future, or agree with statements M&E framework needs to track progress against the about not being impulsive.34 A national survey repeated objectives, activities, and outputs outlined in the action on a regular basis will enable progress toward NFCS plan to enable informed decisions to be taken on whether objectives and changes in the financial capability of the resources are well spent on effective programs. general population and of specific sociodemographic At the national level, the M&E framework should pro- segments to be measured over time. In Malawi, for exam- vide for the monitoring of activities undertaken by various ple, the national financial education strategy outlines key stakeholders and for the evaluation of overall progress in performance indicators for financial capability, based on meeting the objectives and priorities set out in the NFCS variables from a national financial capability survey and and action plan. 
An M&E framework encourages consis- the FinScope survey, and identifies specific indicators for tency in the type of data collected across a diversity of each priority target group in the strategy. programs, sectors, and stakeholders. The establishment of standard financial capability indicators, as well as guid- Annual review. It can be useful to develop a central data- ance and tools to stakeholders on how to collect data, will base of stakeholder initiatives, showing their target allow for easier and more effective comparison and analy- groups, geographic locations, the financial capability sis of program data and results. The M&E framework topics being addressed, and the results of evaluations. should provide for monitoring of the scope, scale, and The most recent national financial capability survey and quality of each financial capability program and an evalu- the central database of initiatives, together with consul- ation of which interventions work and which do not. tations with stakeholders, can then provide the basis for an annual review of implementation of the NFCS. The National financial capability survey and indicators. Finan- results of the annual review should be used to make cial capability surveys typically include questions relating appropriate changes to the NFCS as a whole and to indi- to people’s demographics and financial status, together vidual programs. with questions designed to provide information about 234   Good Practices for Financial Consumer Protection Testing/piloting proposed programs. Proposed financial initiatives should be continued (and perhaps scaled up) education programs should be tested with members of and which should be modified or discontinued. the target audience before they are finalized and rolled Program evaluations should be rigorously designed out. Possible methods include focus groups35 and pilot to ensure that they answer critical questions, such as projects. 
Testing helps to improve the design and delivery what impact the program had and the key factors in of the program and to establish whether changes need to achieving that change. The World Bank developed a tool- be made before the program is rolled out. For example, kit that provides practical guidance for the evaluation of even though a communication has been designed to be financial capability programs in low- and middle-income clear and simple, feedback from members of the target countries.37 The OECD has also developed high-level audience may well be that the communication needs to principles and guidance on the evaluation of financial be made even simpler. Before embarking on a pilot pro- education programs.38 Depending on available resources, gram or other small-scale delivery, it is also good practice countries may need to be selective about which financial to consider first whether it is realistic to expect that if the capability initiatives are subjected to rigorous evaluation. program proves to be effective, it is possible to scale up Selection criteria should include strategically important so that it reaches significant numbers of people. If it is not programs (for example, national school-based programs), practical to scale up, then the pilot is not an efficient use costly programs that could potentially be scaled up, and of resources. promising innovative interventions that have never before been tested. Rigorous evaluations. To date, robust evidence on which types of financial education programs and interventions External evaluators. Using external evaluators helps to are the most effective is limited. More rigorous evaluation provide credibility, specialist skills, and independence. is needed to determine the efficacy of different types of When choosing external evaluators, consideration should financial education or financial capability programs. 
Coun- be given to whether they have appropriate levels of famil- tries such as Australia, Malaysia, and the United Kingdom iarity with each element of the program, including the are making efforts to collect data and build a body of evi- subject matter, delivery method, and target group. Similar dence from the programs in their countries.36 Initiatives consideration should be given to the evaluators’ skills and should be evaluated to assess their impact on those peo- experience as an evaluator, including their ability to report ple they are intended to reach. This can help policy mak- the evaluation findings in a manner that is accessible to all ers and funders decide, on an informed basis, which key stakeholders.39 NOTES 1. “Financial Capability Surveys around the World: Why measuring-financial-capability-a-new-instrument-and- Financial Capability Is Important and How Surveys Can results-from-low-and-middle-income-countries-summary. Help” (World Bank Group, August 2013). pdf. 2. “Recommendation on Principles and Good Practices for 9. Responsible Finance: Financial Capability and Consumer Financial Education and Awareness” (OECD, 2005). Protection, http://responsiblefinance.worldbank.org/ 3. “Financial Education Programs and Strategies: Approaches publications/measurement-and-impact-evaluation. and Available Resources” (World Bank, January 2014). 10. “Russia-OECD-World Bank Financial Literacy Programme,” 4. See Annamaria Lusardi and Olivia S. Mitchell, “The http://www.oecd.org/daf/fin/financial-education/ Economic Importance of Financial Literacy: Theory and russia-oecd-world-bank-financial-literacy.htm. Evidence,” Working Paper 18952 (National Bureau of 11. “Making Sense of Financial Capability Surveys around the Economic Research, April 2013). World: A Review of Existing Financial Capability and 5. “OECD/INFE High-Level Principles on National Strategies Literacy Measurement Instruments” (World Bank, 2013). for Financial Education” (OECD, August 2012). 12. 
FinScope, http://www.finmark.org.za/finscope/. 6. “Global Responsible Financial Inclusion Survey” (World 13. “Financial Education Programs and Strategies: Approaches Bank Group, forthcoming). and Available Resources.” 7. Typically, these include youth, women, low-income groups, 14. See “Integrating Financial Capability into Government and the elderly. See National Strategies for Financial Transfer Programs: A Practical Toolkit” (World Bank, Education: OECD/INFE Policy Handbook (OECD, 2015), 13. forthcoming). 8. Elaine Kempson, Valeria Perotti, and Kinnon Scott, 15. “About HERfinance,” https://herproject.org/herfinance. Measuring Financial Capability: A New Instrument and 16. ASIC’s MoneySmart, www.moneysmart.gov.au/. Results from Low- and Middle-Income Countries (Interna- 17. Sorted, sorted.org.nz/. tional Bank for Reconstruction and Development and the 18. Andrea Grifoni and Flore-Anne Messy, “Current Status of World Bank, 2013), available at http://pubdocs.worldbank. National Strategies for Financial Education: A Comparative org/pubdocs/publicdoc/2015/6/942081434378248135/ Analysis and Relevant Practices,” Working Papers on Annex C: Financial Capability   235 Finance, Insurance and Private Pensions 16 (OECD, 2012). 30. Vincenzo Di Maro, Aidan Coville, Siegfried Zottel, and 19. “OECD/INFE High-Level Principles on National Strategies Felipe Alexander Dunsch, “The Impact of Financial Literacy for Financial Education.” through Feature Films: Evidence from a Randomized Experiment in Nigeria” (Financial Literacy and Education, 20. See also “OECD/INFE Guidelines for Private and Russia Trust Fund, 2013). Not-for-Profit Stakeholders in Financial Education” (OECD, November 2014). 31. Miriam Bruhn, Luciana De Souza Leão, Arianna Legovini, Rogelio Marchetti, and Bilal Zia, “Financial Education and 21. 
“Personalizing Information to Improve Retirement Savings Behavior Formation: Large Scale Experimental Evidence in Chile: Study Summary” (Innovations for Poverty Action, from Brazil,” World Bank Working Papers (World Bank, 2016), available at http://www.poverty-action.org/ 2013). printpdf/7686. 32. “Integrating Financial Capability into Government Cash 22. Frank Schilbach, Heather Schofield, and Sendhil Mullaina- Transfer Programs to Enhance Financial Inclusion” (World than, “The Psychological Lives of the Poor,” American Bank, forthcoming). Economic Review 106, no. 5 (May 2016), 435–40. 33. Gunhild Berg and Bilal Zia, “Harnessing Emotional Connec- 23. Joanne Yoong, “Can Behavioural Economics Be Used to tions to Improve Financial Decisions: Evaluating the Impact Make Financial Education More Effective?” in Improving of Financial Education in Mainstream Media,” Policy Financial Education Effectiveness through Behavioural Research Working Paper 6407 (World Bank, April 2013). Economics: OECD Key Findings and Way Forward (Financial Literacy and Education Russia Trust Fund, 34. “Making Sense of Financial Capability Surveys around the June 2013). World.” 24. Mattias Lundberg and Florentina Mulaj, eds., “Enhancing 35. Focus groups are small groups of people who participate in Financial Capability and Behavior in Low- and Middle- a facilitated discussion about, for example, their attitudes Income Countries” (World Bank, 2014), available at https:// to particular personal finance issues and the best ways of openknowledge.worldbank.org/handle/10986/20085. providing financial education. 25. Peter Tufano, Timothy Flacke, and Nicholas W. Maynard, 36. “Selecting Desired Outcomes for National Financial “Better Financial Decision Making among Low-Income and Capability Strategies” (World Bank, forthcoming). Minority Groups,” Working Paper WR-795-SSA (Financial 37. Joanne Yoong, Kata Mihaly, Sebastian Bauhoff, Lila Literacy Center, October 2010). 
Rabinovich, and Angela Hung, “A Toolkit for the Evaluation 26. Dean Karlan, Margaret McConnell, Sendhil Mullainathan, of Financial Capability Programs in Low- and Middle-In- and Jonathan Zinman, “Getting to the Top of Mind: How come Countries” (International Bank for Reconstruction Reminders Increase Savings,” available at http://www. and Development and the World Bank, 2013). povertyaction.org/sites/default/files/publications/ 38. “Evaluating Financial Education Programmes: Survey, getting-to-the-top-of-mind.pdf. Evidence, Policy Instruments and Guidance” (OECD, 27. Lundberg and Mulaj, eds., “Enhancing Financial Capability 2013), available at http://www.oecd.org/daf/fin/financial- and Behavior in Low- and Middle-Income Countries.” education/evaluatingfinancialeducationprogrammes.htm. 28. Lundberg and Mulaj, eds., “Enhancing Financial Capability 39. See “INFE High-Level Principles for the Evaluation of and Behavior in Low- and Middle-Income Countries.” Financial Education Programmes” (OECD/INFE, 2012), available at http://www.oecd.org/daf/fin/financial- 29. Artificial intelligence can be defined as the theory and education/evaluatingfinancialeducationprogrammes.htm. development of computer systems able to perform tasks that normally require human intelligence, such as speech recognition, decision making, and so forth.