Consumer Protection in a Digital Age
Last week the Smart Campaign launched new standards and guidance covering digital financial services, especially credit. This is a milestone for the Campaign, and a step forward for protecting consumers who are accessing financial services digitally for the first time. We would like the standards to be widely used to guide the practices of both fintechs and traditional financial service providers undergoing digital transformation.
Through the in-depth research, piloting and consultation to prepare these standards, we have developed an approach to consumer protection for digital credit that is in many ways familiar and in other ways brand new. The Client Protection Principles, from transparency to fair and respectful treatment, continue to be the bedrock on which the standards are based, and many of the original standards still apply with few or minor changes.
But there is also big news in these standards. They shift the emphasis in application of consumer protection from staff and operations toward product design and delivery. When services are delivered primarily through front line staff or loan officers, clients are protected by ensuring that staff are well-trained and properly incentivized. With digital services, the consumer experience is embedded in the design of the product and user interfaces – largely in advance. This is a profound shift. To ensure consumer protection, digital financial service providers will need to institute practices in the design process to confirm that consumer risks are mitigated. These practices are only now emerging in the sector.
There is big news in these standards. They shift the emphasis in application of consumer protection from staff and operations toward product design and delivery.
For example, we propose that to protect clients against over-indebtedness in digital lending, where predictive algorithms substitute for repayment capacity analysis, providers must regularly review the choices embedded in the algorithm and selection of data points (ex ante measures), and they must monitor results in the portfolio and directly with clients (ex post measures).
Similarly, there is a broad shift in emphasis from Client Protection Principle #5, Fair and Respectful Treatment, to an expanded Client Protection Principle #1, reformulated as Design of Products, Services and Delivery Channels. In non-digital models the standards around fair treatment focus on staff behavior toward clients, such as codes of conduct and sanctions for lapses. In the new standards, more attention is given to ensuring that the design process incorporates client input and that predatory or deceptive sales and marketing techniques are not programmed.
Another big change in the standards is the elaboration of the Privacy of Client data principle, which has been reformulated as Privacy, Security and Integrity of Client Data. When the Smart Campaign began, data privacy was often regarded as the least important of the principles, but today it is a major concern, as financial service providers and their partners have, use and share so much more client data. Many providers have not yet determined what privacy policies to follow or how to implement them. Informed consent is a starting point, as the standards state, but we are also looking at ways to bake privacy protections into design. As more data is manipulated, stored and moved from place to place, risks increase for data breaches and misuse, prompting us to also deepen attention to cybersecurity.
A final noteworthy shift is the use of partnerships (including agents) to deliver products, which makes it harder to assign responsibility for client mistreatment. For example, an agent may be managed by a network operator while selling products of a bank or other financial service provider. When something goes amiss, it should be made clear who is responsible to make the client whole. The standards call on providers to discuss relevant practices with partners and secure agreement for partners to meet high standards, wherever possible.
As a first cut at a complete set of consumer protection standards for digital services, we recognize that these standards will need to continue to be tested and refined. An enormous thanks to the organizations who worked with us to develop the standards, particularly the Fintech Protects community of practice and MFR (formerly Microfinanza Rating), as well as to the many people who provided comments and critique. We continue to welcome your feedback. Meanwhile, we call on digital financial service providers around the world to apply the standards so that they and their consumers will face fewer risks and receive the value they seek from using financial services.