Advancing Financial Inclusion in Nigeria

Sabahat Iqbal
21 Dec 2017
By Sabahat Iqbal

Nigeria is one of 25 priority countries for the World Bank Group’s Universal Financial Access Goals to reach 1 billion adults worldwide by 2020, women and men alike –enabling access to a transaction account or an electronic instrument to store money, send payments and receive deposits as a basic building block to manage their financial lives. According to the latest Global Findex report available, 44.2% of adults in Nigeria have an account at a financial institution. As of August 2017, IFC had US$19.1 million committed to Nigerian MFIs constituting 1.6% of the US$832 million total IFC commitment to Nigerian financial institutions. IFC is also keen to leverage technology to reduce costs and help clients to diversify their product offerings. Globally, as of June 2017, IFC had invested nearly US $500 million into 40 companies and has 50 active projects offering advisory services in companies adapting to or expanding digital services.

Responsible Finance and Enhanced Risk Management

 IFC’s mission is to support effective, responsible, inclusive financial intermediaries and leverage them to meet development impact and financial sustainability goals. IFC, in collaboration with the implementing partners of the Gates Foundation –The Lagos Business School, Business Day, and Microsave—jointly delivered the Financial Inclusion Conference on December 5th 2017 in Lagos, Nigeria. The event brought together over 300 digital financial services experts, industry researchers, donor agencies, legal practitioners, private sector players, entrepreneurs and members of the national assembly. IFC clients such as Grooming Centre and Interswitch, presented their operational experiences in responsible microfinance and digital financial services –as a long-term strategic approach for Nigeria’s path for resilient and sustainable growth. A central theme was the need for enhanced risk management approaches, one that involves operationalizing consumer protection and financial education based on the G20 High Level Principles for Digital Financial Inclusion and the Smart Campaign’s Client Protection Principles. In 2016, Grooming Centre was the first microfinance institution in the Africa Region to achieve Certification by the Smart Campaign.

Eme Essien Lore, the IFC Country Manager, kicked off the event by remarking on the need for deeper collaboration.

Today, the role  of banks and microfinance institutions remain essential, if not more so. To effectively guide their institutions, many will need to deepen their core traditional tools and introduce new ones to achieve sustainable growth.” She challenged the audience to think beyond the constraints of limited connectivity, regulatory hurdles, and vested interests in order to serve the needs of all Nigerians.

New Insights for Nigeria’s Path for Financial Inclusion

The Lagos Business School launched the latest iteration of their annual Digital Financial Services State of the Market Report which laid out the latest insights on the financial inclusion space in Nigeria and examined some of the key policies and regulations that will affect the further promotion of financial inclusion. The report cites that the while active mobile money usage went up by a factor of 10, the percentage of banked adults went down by 6 percentage points in 2016 to 41.1% from the previous year. As the author, Olayinka David-West, cited in a statement to the trade journal, Financial Technology, “…the levers of [financial inclusion] fall across three pivotal nodes…the consumer (demand), provider (supply) and government (institutions)…” and all three have to be engaged with before we can see a revitalization of these statistics. In addition, Microsave launched the latest Agent Network Accelerator report for Nigeria which identified the opportunities for scaling up digital financial services and any progress on the recommendations from previous report. The report looks very closely at the emergence of agent banking services from traditional banks and the key strategic shifts, including in organizational structure, that will have to be made in order to fully embrace the benefits of this alternative banking channel.

Driving Inclusion with Digital Financial Services

There were several important take-aways from the conference including an agreement that addressing the risks that impact both DFS consumers and providers are critical for the success of Nigeria’s broader financial inclusion efforts. The level of awareness for digital financial services is low in Nigeria given that current efforts of digitalization are reaching only the existing customer base. Compelling use-cases are important to driving up awareness and usage as many existing mobile wallets accounts are unused causing people to quickly switch back to cash. The right product design is also important to reach the excluded and should account for their lifestyles. The panelists reaffirmed the great potential of the role of microfinance and digital finance in Nigeria to achieving broader financial inclusion. Agent banking was recognized as a critical channel for driving financial inclusion into the foreseeable future however given current constraints, this will require a new mindset and greater public-private sector collaboration for interoperability. Key will be delivering on core aspects of consumer protection and customer trust. These include: transparency in pricing through financial awareness, data privacy and security, better customer services to handle recourse and for tailoring products and services.

About IFC
IFC, a member of the World Bank Group, is the largest global development institution focused on the private sector in emerging markets. Working with more than 2,000 businesses worldwide, we use our capital, expertise, and influence to create markets and opportunities in the toughest areas of the world. In FY16, we delivered a record $19 billion in long-term financing for developing countries, leveraging the power of the private sector to help end poverty and boost shared prosperity. For more information, visit

Interactive Dashboards: A Tool to Improve Operations for Data Driven Organizations

Soren Heitmann, Oleksiy Anokhin
21 Dec 2017

By Soren Heitmann and Oleksiy Anokhin


Collecting increasing amounts of data every day, players on the global market face new challenges in interpreting, visualizing, and communicating information for meaningful data-driven decisions. A fast-growing demand for simple and effective visualization products pushes market participants to pay greater attention to interactive visualization tools, allowing for a holistic picture of everyday activities, results, and lessons learned. This need exists in many sectors, but it is especially relevant for financial-sector firms, where good data management and reporting are critical to delivering the principles of responsible finance.

This case illustrates this point, demonstrating how IFC Advisory Services client MicroCred Senegal is using data-driven dashboards to improve their operations and better serve their clients responsibly.  This case shows how these types of tools increase effectiveness and transparency of decision-making and performance communication to customers, partners and other key stakeholders.  These lessons are broadly applicable to institutions exploring new methods and tools for improving responsible finance, and should not be considered specific only to microfinance institutions.

Dashboards allow organizations to summarize and visualize data in a simple and intuitive way

MicroCred S.A. is a microfinance network focused on financial inclusion across Africa and Asia. In Senegal, it operates a growing microfinance business offering financial services to people who lack access to banks or other financial services. Reach has been extended across the country by creating a network of over 500 DFS agents. The agent’s Point of Sale (POS) POS devices can perform both over-the-counter (OTC) transactions for bill payments and remittances, and also facilitate deposit and withdrawals to MicroCred accounts. Transaction confirmation is provided through SMS receipt. By late 2016, nearly one third of customers had registered their account to use the agent channel, and over one quarter were actively using agent outlets to conduct transactions. This generated significant operational and channel performance data.

MicroCred’s case is illustrative for broader audiences because it was an early adopter of next-generation data management systems.  In 2012, they implemented BIME, a visualization tool to help optimize operations. It enabled them to develop interactive dashboards, tailored to answer specific KPIs and operational questions. MicroCred most frequently uses two dashboards:

Daily Operations Dashboard: This gives a daily perspective on the savings and loan portfolios, highlighting any issues. It presents data over a three-month period, but can be adjusted according to user needs. This dashboard uses automated alerts to warn the operations team of potential problems. The reports, customized for operational teams, include measures such as:

  • Tracking KPIs, including transaction volumes, commissions and fees
  • Agent activity, with alerts to show non-transacting and underperforming agents
  • Suspicious activity and potential fraud alerts, such as unusual agent or customer activity
  • Monitoring of DFS enrollment process, with focus on unsuccessful enrollments
  • Geographical spread of transactions

Monthly Strategic Dashboard: This gives a longer-term, more strategic view and is mainly used by the management team to visualize more complex business-critical measures. It was developed to consider behavior over the customer lifecycle, including how usage of the service evolves as customers become more familiar with both the technology and the services on offer. It is also possible to easily perform ad hoc analyses to follow up on any questions raised by the data presented in the dashboards. It focuses on:

  • Usage of MicroCred branches versus agents
  • Customer adoption and usage of DFS
  • Deployment of the DFS channel
  • Evolution of fundamental KPIs versus long-term goals.

With visualization tools like BIME, it is simple to create graphs to illustrate operational data, making it easier to spot trends and anomalies, and to communicate them effectively. Implementing the data management system also presented some challenges, both technical and cultural. MicroCred recommends that a step-by-step approach is adopted, starting with some basic dashboards, and building up over time to more sophisticated dashboards.


The MicroCred example illustrates how dynamic dashboards can improve responsible finance goals.  Such as through improved fraud detection and monitoring in the case of MicroCred’s daily dashboard; or insights from the strategic dashboard to ensure that performance KPIs are meeting activity growth targets on the digital channel.  More comprehensive methods in the analysis and visualization of data also improve external communication, delivering clear messages to targeted audiences, and may support financial education campaigns.  The complexity of visualization methods may vary significantly, yet they all share the same purpose: analyzing raw data, summarizing its most meaningful results, and demonstrating the main outputs and outcomes, allowing the team to tell a story about the operation and its impact.  And ultimately, to help firms better understand and serve their customers.

Adapted from a case study presented in the Data Analytics and Digital Financial Services Handbook (June, 2017), this post was authored by Oleksiy Anokhin, IFC-Mastercard Foundation Partnership for Financial Inclusion, for the Responsible Finance Forum Blog December, 2017.



Fintech in Microfinance: In Search of the High-Tech High-Touch Unicorn?

Todd A. Watkins, Paul DiLeo, Anna Kanze, and Ira Lieberman
20 Dec 2017

By Todd A. Watkins, Paul DiLeo, Anna Kanze, and Ira Lieberman

Fintech is a shiny attractor for impact investors. Emerging financial technologies shimmer with disruptive potential for the delivery of a wide array of financial, educational, health, and social services for the poor. While microfinance still makes up a major share of impact investing portfolios, many investors appear to have moved on to fintech, the next wave of creative destruction. Rather than be toppled by it, microfinance institutions (MFIs) look to ride that wave too, to extend reach, reduce costs and prices, improve and deepen client services, and improve risk management.

Fintech, whether new digital services or proprietary software used to evaluate and underwrite credit, brings glittery potential for MFIs, no question. But in fairy tales unicorns glitter too. Are MFIs chasing something equally illusory? Microfinance has decades of success growing and strengthening a high-touch business model. As growth slows, should MFIs now abandon that approach and use high-tech to go low-touch for cost efficiency? If MFIs stay their course, will they be overtaken by new entrants with new models, like Chinese online peer-to-peer lender Yirendai, which went IPO on the New York Stock Exchange last year? Or instead, will MFIs find innovative high-tech ways to further leverage their deep relationships with clients and understanding of client needs?

These were among the questions for 32 microfinance and impact investing participants and analysts from around the world who convened last month, hosted by Lehigh University’s Martindale Center, with support from the Calmeadow Foundation and the Financial Inclusion Equity Council (of which CFI is the secretariat).

The group broadly agreed that sticking with core competencies is very often sound advice. Additionally, several participants challenged the group by asking: has anyone yet seen a scalable, investible, high-tech, and high-touchfinancial inclusion unicorn? Mobile payments networks like M-Pesa and BiM are high-tech, but decidedly low-touch delivery channels. Low-touch too are big data algorithms like those of Yirendai and its corporate parent CreditEase used for automated credit scoring and risk management. However, as digital financial technologies like these mature, will base of pyramid (BoP) financial customers still need high-touch MFIs? As fintech-driven models become more sophisticated, can MFIs hope to deliver anything that technology sophisticated telecoms and global commercial banks can’t?

Turns out MFIs, clients, and even global banks themselves demonstrably think the answer is Yes, plenty. For example, the large Spanish multinational bank BBVA acquired and consolidated a number of MFIs in Peru and elsewhere in Latin America. Recognizing that as a global bank they had limited understanding of BoP client needs—and that, as one board member put it, “relationships matter”—BBVA keep their microfinance group administratively separate. They are, however, bringing the tech depth of the global bank to bear in the microfinance segment. For example, they have put forth a major push to bring things like handheld mobile connectivity, big data algorithms, and split second automation to roving microfinance field officers for use during meetings with clients. One key aim is to enable hyper-personalized product design, instantly tailored to widely diverse needs and situations of individual clients and their families. The vision: technology as a complement to high-touch relationships, not a substitute. The goal is to use both technology and the relationship to deliver greater value to the client—improving financial literacy, building a financial life beyond credit, providing investment and business-strengthening advice, and pointing the client towards relevant non-financial services like health, agriculture extension, or business planning.

Clients, voting with their feet and wallets, also clearly value high-touch. A recent study by the Microfinance Information Exchange (MIX) on alternative financial services delivery channels found that even where tech, like mobile banking and ATMs, had expanded clients’ access to financial services, the fraction of active clients actually using those services is below 10 percent. It appears that people prefer dealing with people. Clients use banking agents—often non-staff individuals under contract in their communities—more than any other alternative delivery channel. And it’s a virtuous cycle: agents create the largest number of new touchpoints that become available to clients. In part this reflects the fact that fully automated transactions are a blunt instrument: ATMs are great at dispensing cash, but not so good at answering questions or responding to individual circumstances.

Similarly indicative, the value of client transactions at physical branches remains 30 to 60 times greater than at any other kind of point of service. High-tech may facilitate routine tiny transactions, lubricating the cash flows of daily life, but can’t substitute for client preferences for high-touch on big ticket transactions. Designing and creating superior options for these latter big ticket needs—saving for weddings and school fees, enabling microenterprise capital investments, weathering long illnesses, paying for funerals and solar lamps—is fundamentally at the core of microfinance’s value to the poor.

Despite broad agreement among workshop participants on the potential of fintech in microfinance, there was also significant unease about many MFIs’ abilities to effectively embrace it. It took decades of iteration and experience for leading MFIs to scale and achieve operational sustainability with their low-tech, high-touch model. Committing to high-tech introduces an entirely different set of skill requirements and partners for MFIs, and undoubtedly will bring a host of unforeseen new problems requiring experimentation to overcome. Yet given the pace at which new entrants are flocking into BoP financial services—thanks to MFIs proving the profit potential­—MFIs don’t have the luxury of decades to work out kinks this time around.

Are MFI budgets, or innovation management skills, or staff recruiting and training systems, or supply chains, up to the task? Are MFI leaders and governance boards fully on-board, and are they knowledgeable enough to drive tech-embracing changes? Will impact investors—tempted by shiny new things elsewhere—see their way to funding the experimentation, infrastructure, and institutional capacity-building needed? Are these critical actors – management, directors, investors – able to keep their heads and take the time to think through how their MFI business model can uniquely deliver value to the client, and what elements can be restructured or ceded in the face of new technologies and new entrants?

Another area of concern centered around the potential for fintech to exacerbate the digital divide. Cheap 2G/SMS mobile is everywhere, and mobile payments are already ubiquitous in some places. Yet it’s also clear, as outlined in the recent paper from CFI Fellow Leon Perlman, that the infrastructure needed for smart phone-based (and hence more elaborate) digital financial services is not. Deep penetration of smartphones or reliable broadband internet remain a long way off for most of the world’s poor. In this context, it is well worth noting that compared to disruptive but infrastructure-reliant low-touch fintech entrants, MFIs are much better positioned to deliver high-tech services while mitigating the digital divide. Yirendai’s automated credit decisions scour the web and other sources to dig up information to score borrowers and enable direct peer-to-peer transactions, but they require digital footprints and robust digital access on both sides. Kiva’s main quasi-peer-to-peer lending model still relies on MFI relationships with clients. As some observers have noted, when the digital footprint is light, as is often the case with BoP clients, one-size-fits-all underwriting results in collateral damage with a high incidence of borrowers blacklisted after failing to repay a small “tester” loan.

High-touch MFIs also have a significant advantage as last mile delivery channels for complementary services like health services, empowerment training, or sale and distribution of cookstoves. Pro Mujer in Latin America did half a million chronic illness screenings for clients in the same places they go for microfinance services. Kenya’s impact-venture-capital-backed BURN Manufacturing partners with MFIs to finance and distribute cookstoves that save poor clients $200 annually in charcoal, improve their health, and cut carbon emissions.

Most importantly, long-term proximity to clients affords MFIs a window into the lives, needs, and dreams of the hundreds of millions of poor individuals they serve. Without that understanding, better designed, more tailored, higher impact products and services won’t come, no matter the tech. Commodified products will always be the driver behind fintech, but also will exclude as much as include. Microfinance first succeeded by devoting decades to exploring ways to deliver credit with a priority on inclusion. Some would argue that this has at times gone too far, but the revolutionary innovation remains: most poor people, like everyone else, can use credit productively and responsibly.

Exploiting fintech opportunities in microfinance won’t come easy, but MFIs that fail to search for the unicorn risk succumbing to nimbler competitors, or at minimum, will offer their clients suboptimal, lower impact services. At the same time, impact investors need to restrain their infatuation with the latest Bright Shiny Object and have the patience and discipline to help fuel the same sort of experimentation and capacity building that brought microfinance to the forefront of impact investing to begin with. This thoroughbred, horned or otherwise, has the pedigree and legs for the long haul. Bet on it.

Todd A. Watkins is Professor of Economics, and Executive Director of the Martindale Center for the Study of Private Enterprise at Lehigh UniversityAnna Kanze and Paul DiLeo are Investment Managers at Grassroots Capital Management, PBC. Ira Lieberman is President of LIPAM International.

Note: This post was originally published on the Center for Financial Inclusion website.

Data Privacy and Consumer Protection: Anonymizing User Data is Necessary, and Difficult

Soren Heitmann
29 Nov 2017

by Soren Heitmann

Next generation data analytics are driving innovative products, services and new FinTech business models.  Many of these products draw on individual consumer data.  Responsibly managing data privacy and ensuring consumer data protection is critical to mitigate operational and reputational risks.  In many markets, regulators are still catching up.  Unfortunately, many innovators identify risks after it is too late.  This post explores the issue of data anonymization and encryption.  Three cases identify different ways in which individually identifying data was exposed, even though providers took steps to anonymize and encrypt identifying information.

Difficulties in Anonymizing Data are Well-Documented
In 2006, America Online (AOL), an internet service provider, made 20 million search queries publicly available for research. People were anonymized by a random number.  In a New York Times article, journalists Michael Barbaro and Tom Zeller describe how customer number 4417749 was identified and subsequently interviewed for their article. While user 4417749 was anonymous, her searches were not. She was an avid internet user, looking up identifying search terms: ‘numb fingers’; ‘60 single men’; ‘dog that urinates on everything’. Searches included people’s names and other specific information including, ‘landscapers in Lilburn, Georgia, United States of America’. No individual search is identifying, but for a sleuth – or a journalist – it is easy to identify the sixty-something women with misbehaving dogs and nice yards in Lilburn, Georgia. Thelma Arnold was found and affirmed the searches were hers. It was a public relations debacle for AOL.

Another data breach made headlines in 2014 when Vijay Pandurangan, a software engineer, de-anonymized 173 million taxi records released by the city of New York for an Open Data initiative. The data was encrypted using a technique that makes it mathematically impossible to reverse-engineer the encrypted value. The dataset had no identifying search information as in the case of Arnold above, but the encrypted taxi registration numbers had a publicly known structure: number, letter, number, number (e.g., 5H32). Pandurangan calculated that there were only 23 million combinations, so he simply fed every possible input into the encryption algorithm until it yielded matching outputs. Given today’s computing power, he was able to de-anonymize millions of taxi drivers in only two hours.

Netflix, an online movie and media company, sponsored a crowdsourced competition challenging data scientists to improve by 10 percent its internal algorithm to predict customer movie rating scores. One of the teams de-anonymized the movie watching habits of encrypted users for the competition. By cross-referencing the public Internet Movie Database (IMDB), which provides a social media platform for users to rate movies and write their own reviews, users were identified by the patterns of identically rated sets of movies in the respective public IMDB and encrypted Netflix datasets. Netflix settled lawsuits filed by identified users and faced consumer privacy inquiries brought by the United States government.

Properly anonymizing data is very difficult, with many ways to reconstruct information. In these examples, cross-referencing public resources (Netflix), brute force and powerful computers (New York Taxis), and old-fashioned sleuthing (AOL) led to privacy breaches. If data are released for open data projects, research or other purposes, great care is needed to avoid de-anonymization risks and serious legal and public relations consequences.

There are many good reasons to provide access to data.  Academic research may seek to provide access for peer reviewers.  Firms may crowdsource innovative techniques to solve problems.  Products may provide public Application Programming Interfaces (APIs) to enable derivative services.  Consider first if needs can be met without providing any identifiable information.  Understand unstructured data, such as user-generated memo fields and information it could contain, like names or places; and if so, consider if these notes, when grouped together, might be attributed to a specific individual.  Where encryption is required, ensure industry standards are used; but also add-in randomly generated information to each identifier.  This is known as a salt, and can eliminate risks of unlocking entire datasets with a single key.  Much has been written on how to anonymize data.  The first thing to remember is that it is not a trivial task and it should be undertaken after purposeful planning and in consideration of the data at hand.

Note: Adapted from a case study presented in the Data Analytics and Digital Financial Services Handbook (June, 2017).  This post was authored by Soren Heitmann, IFC-Mastercard Foundation Partnership for Financial Inclusion, for the Responsible Finance Forum Blog November, 2017.


Advancing Responsible Finance in Myanmar

Lory Camba Opem and Ricardo Garcia Tafur
28 Nov 2017

By Lory Camba Opem and Ricardo Garcia Tafur

IFC’s mission is to support effective, responsible, inclusive financial intermediaries and leverage them to meet development impact and financial sustainability goals.  Myanmar is one of the top 25 priority countries in the World Bank Group’s Universal Financial Access initiative to expand access to one billion of the world’s unbanked by 2020.  For Myanmar, this goal entails increasing financial inclusion from 30 percent in 2014 to 70 percent by 2020. Advancing responsible finance is a cornerstone to ensuring that people have sustainable and affordable means to manage their financial lives.  As such, IFC has played a proactive role in promoting responsible finance globally through knowledge sharing initiatives such as the G20/Global Partnership for Financial Inclusion, and the Responsible Finance Forum. IFC also supports microfinance institutions committed ongoing efforts to implement the Smart Campaign’s Client Protection Principles.

Responsible microfinance is a core value-add and manages risks
Responsible microfinance is a core value-add that implements essential business practices to protect clients and builds their confidence when using microfinance products and services.  Maintaining customer trust is ultimately critical, for it enhances credit and operational risk management.   Customer trust further empowers lower income people, in particular the rural poor to make better financial decisions. Microfinance institutions empower their clients when they increase financial awareness through: transparent pricing, disclosure of terms and conditions in local/simple language, offering the right products based on clients’ needs; providing customer services for resolving complaints and preventing over-indebtedness.  This is a dynamic relationship that can be mutually reinforced between these clients and their microfinance providers, for example: understanding customer needs informs product design and rollout that can be integrated in risk management frameworks.  This ongoing process builds client loyalty and institutional resiliency; as well as longer term stability of the microfinance sector.

Myanmar’s path to responsible financial inclusion
Myanmar is well positioned to harness global best practices and strategically avoid crises of confidence, which befell the global microfinance industry over the last decade –in Bolivia, India, Nicaragua, among others.  Myanmar’s relatively nascent microfinance sector allows it to create a more resilient path for itself and particularly for 70% of its rural poor and underserved without access to formal financial services.  Having expanded to over 200 microfinance institutions since microfinance legislation was passed in 2012, Myanmar has demonstrated it is a dynamic sector.  Yet capturing the opportunities that microfinance brings will require a comprehensive understanding of potential risks to its clients, for the institutions themselves and the broader financial sector. The evolving digital finance landscape further introduces a more competitive environment.  Myanmar’s microfinance regulations reflect the relevance of responsible finance, particularly in the Notifications on Consumer Protection by the Microfinance Business Supervisory Committee.  The client protection principles resonate, as it focusses on: preventing over-indebtedness, responsible pricing, fair and respectable treatment of clients and data privacy.  How to pragmatically implement these principles in practice will require persistent focus as the microfinance sector matures, and a commitment at the top by microfinance institutions and their leadership.

IFC’s Responsible Microfinance Training series
Due to the current context of Myanmar Microfinance sector, Responsible Finance will be one of the most relevant topics. In October 16, 2017, IFC, in collaboration with the Myanmar Microfinance Association,  launched a monthly training series over the next 6 months to build capacity for responsible business practices and promote financial consumer protection through knowledge sharing activities with regulators and industry players.  The training series further reinforces IFC’s earlier advisory initiatives in Myanmar to enhance institutional capacities and mitigate lending risks at the industry level. It also adds to IFC efforts on building the financial infrastructure in Myanmar, which has involved supporting the development of a central credit bureau expected to be launched later this year following the issuance of a landmark IFC-supported credit reporting regulation in March 2017.    IFC’s advisory training initiative is in line with IFC’s recent investment financing package of $13.5 million to local microfinance institutions to help meet Myanmar’s critical credit needs and unlock the country’s economic potential of the rural sector and small enterprises.

Targeting development results
IFC’s ongoing investments and advisory work are helping to provide much needed financing to increase productivity and create jobs, incomes and prosperity for a significant number of low income people in the country.  To complement these efforts, the responsible finance advisory training program in Myanmar will enable IFC to further improve client protection, financial education and transparency in lending policies for MFIs in Myanmar, which are ultimately serving thousands of micro enterprises, lower income households and women in rural and urban areas. These clients will benefit from more appropriate products and services that meet their needs, coupled with responsible finance practices that seek to ensure adequate consumer protection.

About IFC
IFC, a member of the World Bank Group, is the largest global development institution focused on the private sector in emerging markets. Working with more than 2,000 businesses worldwide, we use our capital, expertise, and influence to create markets and opportunities in the toughest areas of the world. In FY16, we delivered a record $19 billion in long-term financing for developing countries, leveraging the power of the private sector to help end poverty and boost shared prosperity. For more information, visit

Stay Connected\ifc_org

GPFI members came together in Washington for the last Meeting under Germany’s G20 Presidency

28 Nov 2017

The GPFI held its 3rd Meeting under the German G20 Presidency on 12 October 2017 in Washington D.C. The German Presidency presented the relevant financial inclusion results of the G20 Hamburg Summit and the incoming Argentine Presidency introduced planned GPFI priorities for 2018 and discussed these with GPFI members. Furthermore, the stocktaking study “Financing for SMEs in Sustainable Global Value Chains” was launched at the GPFI Meeting.

GPFI members agreed on renewing and confirming the mandate of the Temporary Steering Committee (TSC) on “Financial Inclusion of Forcibly Displaced Persons”. The TSC will lead the process of developing a roadmap for ‘sustainable and responsible financial inclusion of forcibly displaced persons’ by 2018 as requested by the G20 leaders in the G20 Hamburg Action Plan.

Data protection in digital financial services was another key topic addressed during the GPFI Meeting. The GPFI members discussed financial consumer protection and data privacy in the light of the G20 High-Level Principles for Digital Financial Inclusion and the results of the 2017 Responsible Finance Forum.

The Subgroups also discussed how to reflect the Argentine priorities in their work and took concrete steps to finalize the GPFI Subgroup Terms of Reference.

To review the summary proceedings from the 2017 G20 Global Partnership for Financial Inclusion Forum, please click here.

Note: This post was originally published on the GPFI website.


Information Disclosure and Demand Elasticity of Financial Products: Evidence from a Multi-Country Study

Sabahat Iqbal
31 Oct 2017

According to The Smart Campaign’s Client Protection Principles, all socially responsible financial institutions should be committed to transparency of pricing and other terms and conditions of all their financial product offerings by communicating “…clear, sufficient and timely information in a manner and language clients can understand so that clients can make informed decisions”.

Failure to follow this principle can lead to a decrease in customer uptake from the lower income segments as customers may feel intimidated by the complexity of marketing information explaining the various products. In addition, even if the customer has no trouble understanding the terms and conditions, the advent of new digital-only channels may necessitate the need for condensed yet comprehensive disclosures so that they are accessible on even a basic phone.

Most financial service providers understand the balance they have to strike between simplifying disclosures for clients so that they are understandable and legible and ensuring that they allow customers to make informed financial decisions. A recent study helps shed more light on this by evaluating the extent to which simplified and standardized disclosures can help customers more effectively comparison shop for credit products and make more informed financial decisions.

One of the recommendations for regulators includes not only standardizing the content of the disclosures but also the standardizing the format of the disclosures. The Bank of Ghana was cited as one regulator that has recently made headway in mandating this kind of standardization. In addition, another important take-away for regulators is how to set up a laboratory-based approach for experimenting with different designs of financial disclosure initiatives.

For further insights, the working paper is available on CGAP’s website here.

Big Data, Financial Inclusion and Privacy for the Poor

Dr. Katherine Kemp, Research Fellow, UNSW Digital Financial Services Regulation Project
30 Aug 2017

Financial inclusion is not good in itself.

We value financial inclusion as a means to an end. We value financial inclusion because we believe it will increase the well-being, dignity and freedom of poor people and people living in remote areas, who have never had access to savings, insurance, credit and payment services.

It is therefore important to ensure that the way in which financial services are delivered to these people does not ultimately diminish their well-being, dignity and freedom. We already do this in a number of ways – for example, by ensuring providers do not make misrepresentations to consumers, or charge exploitative or hidden rates or fees. Consumers should also be protected from harms that result from data practices, which are tied to the provision of financial services.

Benefits of Big Data and Data-Driven Innovations for Financial Inclusion

“Big data” has become a fixture in any future-focused discussion. It refers to data captured in very large quantities, very rapidly, from numerous sources, where that data is of sufficient quality to be useful. The collected data is analysed, using increasingly sophisticated algorithms, in the hope of revealing new correlations and insights.

There is no doubt that big data analytics and other data-driven innovations can be a critical means of improving the health, prosperity and security of our societies. In financial services, new data practices have allowed providers to serve customers who are poor and those living in remote areas in new and better ways, including by permitting providers to:

  • extend credit to consumers who previously had to rely on expensive and sometimes exploitative informal credit, if any, because they had no formal credit history;
  • identify customers who lack formal identification documents;
  • design new products to fit the actual needs and realities of consumers, based on their behaviour and demographic information; and
  • enter new markets, increasing competition on price, quality and innovation.

But the collection, analysis and use of enormous pools of consumer data has also given rise to concerns for the protection of financial consumers’ data and privacy rights.

Potential Harms from Data-Driven Innovations

Providers now not only collect more information directly from customers, but may also track customers physically (using geo-location data from their mobile phones); track customers’ online browsing and purchases; and engage third parties to combine the provider’s detailed information on each customer with aggregated data from other sources about that customer, including their employment history, income, lifestyle, online and offline purchases, and social media activities.

Data-driven innovations create the risk of serious harms both for individuals and for society as a whole. At the individual level, these risks increase as more data is collected, linked, shared, and kept for longer periods, including the risk of:

  • inaccurate and discriminatory conclusions about a person’s creditworthiness based on insufficiently tested or inappropriate algorithms;
  • unanticipated aggregation of a person’s data from various sources to draw conclusions which may be used to manipulate that person’s behaviour, or adversely affect their prospects of obtaining employment or credit;
  • identity theft and other fraudulent use of biometric data and other personal information;
  • disclosure of personal and sensitive information to governments without transparent process and/or to governments which act without regard to the rule of law; and
  • harassment and public humiliation through the publication of loan defaults and other personal information.

Many of these harms are known to have occurred in various jurisdictions. The reality is that data practices can sometimes lead to the erosion of trust in new financial services and the exclusion of vulnerable consumers.

Even relatively well-meaning and law-abiding providers can cause harm. Firms may “segment” customers and “personalise” the prices or interest rates a particular consumer is charged, based on their location, movements, purchase history, friends and online habits. A person could, for example, be charged higher prices or rates based on the behaviour of their friends on social media.

Data practices may also increase the risk of harm to society as a whole. Decisions may be made to the detriment of entire groups or segments of people based on inferences drawn from big data, without the knowledge or consent of these groups. Pervasive surveillance, even the awareness of surveillance, is known to pose threats to freedom of thought, political activity and democracy itself, as individuals are denied the space to create, test and experiment unobserved.

These risks highlight the need for perspective and caution in the adoption of data-driven innovations, and the need for appropriate data protection regulation.

The Prevailing “Informed Consent” Approach to Data Privacy

Internationally, many data privacy standards and regulations are based, at least in part, on the “informed consent” – or “notice” and “choice” – approach to informational privacy. This approach can be seen in the Fair Information Practice Principles that originated in the US in the 1970s; the 1980 OECD Privacy Guidelines; the 1995 EU Data Protection Directive; and the Council of Europe Convention 108.

Each of these instruments recognise consumer consent as a justification for the collection, use, processing and sharing of personal data. The underlying rationale for this approach is based on principles of individual freedom and autonomy. Each individual should be free to decide how much or how little of their information they wish to share in exchange for a given “price” or benefit. The data collector gives notice of how an individual’s data will be treated and the individual chooses whether to consent to that treatment.

This approach has been increasingly criticised as artificial and ineffectual. The central criticisms are that, for consumers, there is no real notice and there is no real choice.

In today’s world of invisible and pervasive data collection and surveillance capabilities, data aggregation, complex data analytics and indefinite storage, consumers no longer know or understand when data is collected, what data is collected, by whom and for what purposes, let alone how it is then linked and shared. Consumers do not read the dense and opaque privacy notices that supposedly explain these matters, and could not read them, given the hundreds of hours this would take. Nor can they understand, compare, or negotiate on, these privacy terms.

These problems are exacerbated for poor consumers who often have more limited literacy, even less experience with modern uses of data, and less ability to negotiate, object or seek redress. Yet we still rely on firms to give notice to consumers of their broad, and often open-ended, plans for the use of consumer data and on the fact that consumers supposedly consented, either by ticking “I agree” or proceeding with a certain product.

The premises of existing regulation are therefore doubtful. At the same time, some commentators question the relevance and priority of data privacy in developing countries and emerging markets.

Is data privacy regulation a “Western” concept that has less relevance in developing countries and emerging markets?

Some have argued that the individualistic philosophy inherent in concepts of privacy has less relevance in countries that favour a “communitarian” philosophy of life. For example, in a number of African countries, “ubuntu” is a guiding philosophy. According to ubuntu, “a person is a person through other persons”. This philosophy values openness, sharing, group identity and solidarity. Is privacy relevant in the context of such a worldview?

Privacy, and data privacy, serve values beyond individual autonomy and control. Data privacy serve values which are at the very heart of “communitarian” philosophies, including compassion, inclusion, face-saving, dignity, and the humane treatment of family and neighbours. The protection of financial consumers’ personal data is entirely consistent with, and frequently critical to, upholding values such as these, particularly in light of the alternative risks and harms.

Should consumer data protection be given a low priority in light of the more pressing need for financial inclusion?

Some have argued that, while consumer data protection is the ideal, this protection should not have priority over more pressing goals, such as financial inclusion. Providers should not be overburdened with data protection compliance costs that might dissuade them from introducing innovative products to under-served and under-served consumers.

Here it is important to remember how we began: financial inclusion is not an end in itself but a means to other ends, including permitting poor and those living in remote areas to support their families, prosper, gain control over their financial destinies, and feel a sense of pride and belonging in their broader communities. The harms caused by unregulated data practices work against each of these goals.

If we are in fact permanently jeopardising these goals by permitting providers to collect personal data at will, financial inclusion is not serving its purpose.


There will be no panacea, no simple answer to the question of how to regulate for data protection. A good starting place is recognising that consumers’ “informed consent” is most often fictional. Sensible solutions will need to draw on the full “toolkit” of privacy governance tools (Bennett and Raab, 2006), such as appropriate regulators, advocacy groups, self-regulation and regulation (including substantive rules and privacy by design). The solution in any given jurisdiction will require a combination of tools best suited to the context of that jurisdiction and the values at stake in that society.

Contrary to the approach advocated by some, it will not be sufficient to regulate only the use and sharing of data. Limitations on the collection of data must be a key focus, especially in light of new data storage capabilities, the likelihood that de-identified data will be re-identified, and the growing opportunities for harmful and unauthorised access the more data is collected and the longer it is kept.

Big data offers undoubted and important benefits in serving those who have never had access to financial services. But it is not a harmless curiosity to be mined and manipulated at the will of those who collect and share it. Personal information should be treated with restraint and respect, and protected, in keeping with the fundamental values of the relevant society.

This post was authored by Dr. Katherine Kemp, Research Fellow at UNSW Digital Financial Services Regulation Project.  She presented as an expert speaker at the Responsible Finance Forum in Berlin this year.      

Dr.  Kemp’s post originally appeared on IFMR Trust’s site in August 2017.



Colin J Bennett and Charles Raab, The Governance of Privacy (MIT Press, 2006)

Gordon Hull, “Successful Failure: What Foucault Can Teach Us About Privacy Self-Management in a World of Facebook and Big Data” (2015) 17 Ethics and Information Technology Journal 89

Debbie VS Kasper, “Privacy as a Social Good” (2007) 28 Social Thought & Research 165

Katharine Kemp and Ross P Buckley, “Protecting Financial Consumer Data in Developing Countries: An Alternative to the Flawed Consent Model” (2017) Georgetown Journal of International Affairs (forthcoming)

Alex B Makulilo, “The Context of Data Privacy in Africa,” in Alex B Makulilo (ed), African Data Privacy Laws (Springer International Publishing, 2016)

David Medine, “Making the Case for Privacy for the Poor” (CGAP Blog, 15 November 2016)

Lokke Moerel and Corien Prins, “Privacy for the Homo Digitalis: Proposal for a New Regulatory Framework for Data Protection in the Light of Big Data and the Internet of Things” (25 May 2016)

Office of the Privacy Commissioner of Canada, Consent and Privacy: A Discussion Paper Exploring Potential Enhancements to Consent Under the Personal Information Protection and Electronic Documents Act (2016)

Omri Ben-Shahar and Carl E Schneider, More Than You Wanted to Know: The Failure of Mandated Disclosure (Princeton University Press, 2016)

Productivity Commission, Australian Government, “Data Availability and Use” (Productivity Commission Inquiry Report No 82, 31 March 2017)

Bruce Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (WW Norton & Co, 2015)

Daniel J Solove, “Introduction: Privacy Self-Management and the Consent Dilemma” (2013) 126 Harvard Law Review 1880


Regulatory Sandboxes: Potential for Financial Inclusion?

Ivo Jenik
30 Aug 2017

Many regulators need to address innovations that could advance financial inclusion without incurring major risks. Regulatory sandboxes have emerged as a tool that has potential. A regulatory sandbox is a framework set up by a regulator that allows FinTech startups and other innovators to conduct live experiments in a controlled environment under a regulator’s supervision. Regulatory sandboxes are gaining popularity, mostly in developed financial markets. With a few exceptions, the countries with regulatory sandboxes designed them to accommodate or even spur FinTech innovations; typically, they are not designed to focus explicitly on financial inclusion. This raises the question: Could regulatory sandboxes be useful in emerging markets and developing economies (EMDEs) to advance FinTech innovations designed to benefit unserved and underserved customers?

 This question has piqued the interest of the financial inclusion community. For instance, a report that complements the G20 High-Level Principles for Digital Financial Inclusion refers to regulatory sandboxes as a means to balance innovation and risk in favor of financial inclusion. For now, evidence for the effectiveness of regulatory sandboxes is weak. The newness, variability and lack of performance data on sandboxes make it difficult (if not impossible) to measure their impact on financial markets, let alone on financial inclusion. However, our working hypothesis is that regulatory sandboxes can enable innovations that are likely to benefit excluded customers, regardless of whether inclusion is a key objective. FinTech innovations can lead to more affordable products and services, new distribution channels that reach excluded groups, operational efficiencies that make it possible to serve low-margin customers profitably and compliance and risk-management approaches (e.g., simplified customer due diligence and alternative credit scoring).

Three of the 18 countries where regulatory sandboxes have been or are being established — Bahrain, India and Malaysia — have explicitly listed financial inclusion among their key objectives. Other countries may follow suit depending on their policy goals, mandates and priorities. Policy makers who decide to make financial inclusion an integral part of their sandboxes could do so in several ways. For instance, they could favor pro-inclusion innovators with a more streamlined admissions process, licensing fee waivers, or performance indicators that measure innovations’ impact on financial inclusion. By favoring pro-inclusion innovators, regulators could use sandboxes to measure innovations’ potential impact on financial inclusion and tailor policy interventions to increase the benefits and mitigate the risks.

While there are good reasons to explore regulatory sandboxes, policy makers should be prepared to face challenges. Most importantly, operating a regulatory sandbox requires adequate human and financial resources to select proposals, provide guidance, oversee experiments and evaluate innovations. Regulators may lack these resources in many EMDE countries. Therefore, policy makers need to pay attention to details and carefully consider their options. These may include various sandbox designs and other pro-innovation approaches that have been used successfully. For example, the test-and-learn approach enables a regulator to craft an ad hoc framework within which an innovator tests a new idea in a live environment, with safeguards and key performance indicators in place. A wait-and-see approach allows a regulator to observe how an innovation evolves before intervening (e.g., person-to-person lending in China).

Regulatory sandboxes are too new to be fully understood and evaluated. In the absence of hard, long-term data on successful testing, their risks and benefits are speculative, but they deserve further attention. CGAP has conducted a comprehensive mapping of regulatory sandboxes to gain insights into their actual and potential role in EMDEs, particularly regarding financial inclusion. With our findings, to be released next month, we will offer a compass for policy makers to navigate through this complex new landscape. Stay tuned to learn more soon.

This post was authored by Ivo Jenik at CGAP and originally appeared on the CGAP website on August 17, 2017.

The Rise Of Machine Learning And The Risks Of AI-Powered Algorithms

30 Aug 2017

This post originally appeared on The Financial Brand website on August 23, 2017.

Back in the Old Days, you used to have to hire a bunch of mathematicians to crunch numbers if you wanted to extrapolate insights from your data. Not anymore. These days, computers are so smart, they can figure everything out for themselves. But the uncensored power of “self-driving” AI presents financial institutions with a whole new set of regulatory, compliance and privacy challenges.

More and more financial institutions are using algorithms to power their decisions, from detecting fraud and money laundering patterns to product and service recommendations for consumers. For the most part, banks and credit unions have a good handle on how these traditional algorithms function and can mitigate the risks in using them.

But new cognitive technologies and the accessibility of big data have led to a new breed of algorithms. Unlike traditional, static algorithms that were coded by programmers, these algorithms can learn without being explicitly programmed by a human being; they change and evolve based on the data that’s input into the algorithms. In other words, true artificial intelligence.

And this is one area where financial institutions plan on investing heavily. In 2016, almost $8 billion was spent on cognitive systems and artificial intelligence — led by the financial services industry — and that amount will explode to over $47 billion by 2020, a compound annual growth rate of more than 55%, according to IDC.

There are certainly many benefits to using these AI-powered, machine learning algorithms, particularly with respect to marketing strategy. That’s why money is pouring into data sciences. But there are also risks.

Dilip Krishna and Nancy Albinson, Managing Directors with Deloitte’s Risk and Financial Advisory, explain some of these risks and what financial institutions can do to manage through them.

The Financial Brand (TFB): Can you give an example of how financial institutions can use machine learning algorithms?

Dilip Krishna, Managing Director with Deloitte’s Risk and Financial Advisory: One financial institution is using machine learning in the investment space. They are collecting data from multiple news and social media sources and mine that data. As soon as a news event occurs, they use machine learning to predict which stocks will be affected both positively and negatively and then apply those insights in their sales and marketing process.

TFB: With AI and machine learning, algorithms can build themselves. But isn’t this dangerous?

Nancy Albinson, Managing Director with Deloitte’s Risk and Financial Advisory: Certainly the complexity of these AI-powered algorithms and how they are designed increases the risks. Sophisticated technology such as sensors and predictive analytics and the volume of data that is readily available makes the algorithms inherently more complex. What’s more, the design of the algorithms is not as transparent. They can be created “inside the black box”, and this can open the algorithm up to intentional or unintentional biases. If the design is not apparent, monitoring is more difficult.

And as machine learning algorithms become more powerful — and more pervasive — financial institutions will assign more and more responsibility to these algorithms, compounding the risks even further.

TFB: Are regulators aware of the risks AI and machine learning poses to financial institutions?

Dilip Krishna: Governance of these algorithms is not as strong as it needs to be. For example, while rules such as SR11-7 Guidance on Model Risk Management describe how models should be validated, these rules do not cover machine learning algorithms. With predictive models, you build the model, test it, and its done. You don’t test to see if the algorithm changes based on the data you feed it. In machine learning, the algorithms change, evolve and grow; new biases could potentially be added.

We just don’t see regulators talking about the risks of machine learning models, and they really should be paying more attention. For example, in loan decisioning, the data could inform an unconscious bias against minorities that could expose the bank to regulatory scrutiny.

TFB: Do financial institutions really have the technological expertise to pull this off?

Dilip Krishna: Some of this technology — like deep learning algorithms using neural networks — is on the cutting edge of science. Even advanced technology companies struggle with understanding and explaining how these algorithms work. Neural networks can have thousands of nodes and many layers leading to billions of connections. Determining which connections actually have predictive value is difficult.

At most financial institutions, the number of models to manage is still small enough that they can use ad hoc mechanisms or external parties to test their algorithms. The challenge is that machine learning is embedded in business processes so institutions may not recognize that they need to address not just the models but the business processes as well.

TFB: What should financial institutions consider when developing a risk management program around AI and machine learning algorithms?

Dilip Krishna: Financial institutions need to respect algorithms from a risk perspective, and have functions responsible for addressing the risks. Risk management isn’t necessarily difficult, but it’s definitely different for machine learning algorithms. Rather than studying the actual programming code of the algorithm, you have to pay attention to the outcomes and actual data sets. Financial institutions do this a lot less than they should.

Nancy Albinson: Really understand those algorithms you rely on and that have a high impact or a high risk to your business if something goes awry. I agree that it’s about putting a program in place that monitors not just the design but also the data input. Is there a possibility that someone could manipulate the data along the way to make the results a bit different?

Recognize that risk management of these algorithms is a continuous process and financial institutions need to be proactive. There is a huge competitive advantage to using algorithms and it’s possible to entrust more and more decision-making to these complex algorithms. We’ve seen things go wrong with algorithms so financial institutions need to be ready to manage the risk. Those institutions that are able to manage the risk while leveraging machine learning algorithms will have a competitive advantage in the market.

Calculating Your Algorithmic Risk

Deloitte recommends that financial institutions assess their maturity in managing the risk of machine learning algorithms by asking the following questions:

  • Do you have a good handle on where algorithms are deployed?
  • Have you evaluated the potential impact should these algorithms function improperly?
  • Does senior management understand the need to manage algorithmic risks?
  • Do you have a clearly established governance structure for overseeing the risks emanating from algorithms?
  • Do you have program in place to manage risks? If so, are you continuously enhancing the program over time as technologies and requirements evolve?