WORKING PAPER Regulatory Framework for Digital Financial Services in Côte d’Ivoire A Diagnostic Study Patrick Meagher November 2017 Acknowledgment and disclaimer: This diagnostic study is based largely on a desk review, with information and guidance provided by Estelle Lahaye, Corinne Riquet-Bamba, and Stefan Staschen of CGAP. Discussions with and insights gleaned from market actors in Côte d’Ivoire and Senegal were particularly helpful. Responsibility for the information and views set out in this paper lies entirely with the author. This work is available under the Creative Commons Attribution 3.0 IGO license (CC BY 3.0 IGO) https://creativecommons. org/licenses/by/3.0/igo/. By using the content of this publication, you agree to be bound by the terms of this license. For attribution, translations, adaptations, and permissions, see the provisions and terms of use at https://www.adb.org/ terms-use#openaccess. Suggested citation: Meagher, Patrick. 2017. “Regulatory Framework for Digital Financial Services in Côte d’Ivoire: A Diagnostic Study.” Working Paper. Washington, D.C.: CGAP. All queries on rights and licenses should be addressed to CGAP Publications, Consultative Group to Assist the Poor/World Bank Group, 1818 H Street, NW, MSN IS7-700, Washington, DC 20433 USA; e-mail: cgap@worldbank.org. TABLE OF CONTENTS ACRONYMS.................................................................................................. V EXECUTIVE SUMMARY................................................................................ VI 1. INTRODUCTION..................................................................................... 1 2. OVERVIEW OF DFS MARKET CONTEXT................................................ 3 2.1 Market development............................................................................................................ 4 2.2 Market infrastructure.......................................................................................................... 6 3. E-MONEY AND PAYMENTS................................................................... 7 3.1 E-money: Regulatory definition and treatment....................................................... 7 3.2 Protection of funds............................................................................................................... 9 3.3 Issuers: regulatory requirements.................................................................................10 3.4 E-commerce, e-signature.................................................................................................11 3.5 Payments.................................................................................................................................12 4. USE OF AGENTS.................................................................................. 15 4.1 E-money..................................................................................................................................15 4.2 Transfers.................................................................................................................................17 4.3 Agent banking.......................................................................................................................18 5. CUSTOMER IDENTIFICATION.............................................................. 20 5.1 Identity documentation....................................................................................................20 5.2 Know Your Customer.........................................................................................................21 5.3 KYC tiering..............................................................................................................................23 6. CONSUMER PROTECTION................................................................... 24 6.1 Transparency and conditions of services.................................................................24 6.2 Complaint channels............................................................................................................27 6.3 Client data protection........................................................................................................28 7. COMPETITION AND COORDINATION................................................. 29 7.1 Interoperability....................................................................................................................29 7.2 Channel access......................................................................................................................30 7.3 Regulatory responses........................................................................................................30 III 8. CONCLUSION...................................................................................... 33 8.1 E-money and payments....................................................................................................33 8.2 Use of agents..........................................................................................................................34 8.3 Client identification............................................................................................................34 8.4 Consumer protection.........................................................................................................35 8.5 Competition and coordination......................................................................................36 SOURCES CONSULTED............................................................................... 38 LEGISLATION CONCERNING DFS IN WAEMU AND COTE D’IVOIRE......... 40 IV Regulatory Framework for Digital Financial Services in Côte d’Ivoire ACRONYMS ARTCI Ivoirian telecom regulator (Autorité de Régulation des Télécommunications/TIC de Côte d’Ivoire) ATM Automatic teller machine BCEAO Regional central bank (Banque Centrale des Etats de l’Afrique de l’Ouest) CENTIF Financial Intelligence Unit in Côte d’Ivoire (Cellule Nationale de Traitement des Informations Financières) DFS Digital financial services EME  -money issuer that is not a financial institution (Etablissement E de Monnaie Electronique) FCP Financial consumer protection FI Financial institution FIU Financial Intelligence Unit GIM-UEMOA Regional payments switch (Groupement interbancaire monétique de l’UEMOA) IOB Type of bank agent used in Côte d’Ivoire (Intermédiaire en Opérations de Banque) KYC Know your customer MFI Microfinance institution MNO Mobile network operator NBFI Nonbank financial institution OTC Over the counter P2P Person-to-person POS Point of service (device) SICA-UEMOA Regional payment and settlement system (Système Interbancaire de Compensation Automatisé dans l’UEMOA) STAR-UEMOA Regional wholesale payment system (Système de Transfert Automatisé et de Règlement dans l’UEMOA) USSD Unstructured supplementary service data WAEMU West African Economic and Monetary Union (UEMOA) V Regulatory Framework for Digital Financial Services in Côte d’Ivoire EXECUTIVE SUMMARY Regulation plays a critical role in the development and spread of digital financial ser- vices (DFS). This paper offers an analysis of the regulatory framework for DFS in Côte d’Ivoire, including its coverage, its conducive features, and its gaps and obstacles. Côte d’Ivoire is a regional leader in DFS, particularly in the use of mobile money. It is a lower-middle-income country that has nearly 8 percent annual GDP growth. It has a high rate of mobile phone penetration (estimated at 113 percent), and a more modest rate of formal financial inclusion (46 percent of adults, including bank, microfinance, postal, and mobile money accounts). Mobile network operators (MNOs) have been the lead players thus far. They account for three of the five mobile money deployments and the majority of agents. MNOs have mainly partnered with banks that issue e-money. However, in the wake of recent regulatory changes, MNOs are moving to establish e-money subsidiaries.1 Over-the-counter (OTC) services providers, who provide affordable transfer services to clients, including those without digital accounts, are also significant. Any discussion of legal or policy matters in Côte d’Ivoire must pay close attention to the rules laid down by the West African regional institutions of which that country is a member. In this paper, we are principally concerned with the West African Eco- nomic and Monetary Union (WAEMU), a currency union and evolving free trade zone. The WAEMU’s central bank, BCEAO (Banque Centrale des Etats de l’Afrique de l’Ouest), exercises exclusive authority over the money supply and is the primary authority (with the participation of the regional Banking Commission) for the regulation and supervision of financial institutions (FIs), payment systems, and digital finance. The WAEMU Commission’s jurisdiction extends to activities that may have a potential impact on the regional market, for example, in competition regulation. Member coun- tries, including Côte d’Ivoire, retain legal authority in other areas affecting DFS, such as telecommunication (telecom) regulation and general consumer protection. Thus, for example, while BCEAO retains sole authority to regulate financial services from a finan- cial consumer protection (FCP) perspective, countries such as Côte d’Ivoire have gen- eral consumer protection laws and oversight institutions that impact financial services. Policy makers at the national and regional (WAEMU) level are taking steps to expand DFS access. Côte d’Ivoire has taken aim at the digital divide and is improving fiber-­ optic infrastructure and simplifying telecom licensing. It is moving toward a national system of individual identity numbers and is digitizing public-sector payments. A regional payments switch is in place. Financial legislation provides for an array of service tiers, including banks and other credit providers, payment companies, and microfinance institutions (MFIs). In addition, a number of basic banking services are now required to be provided free of charge.2 Further, a regional financial inclusion strategy was adopted by the WAEMU Council of Ministers in June 2016. Côte d’Ivoire also has a national-level financial inclusion strategy. Although supportive measures are being taken, the DFS approach in Côte d’Ivoire has not yet reached its potential. Reasons for this include significant gaps in 1 Orange and MTN have established e-money subsidiaries licensed by BCEAO (situation at the end of May 2017). 2 In the relevant instruction, the services are simply listed, but without a definition. Reportedly, as a result, some banks have changed the names of the relevant services and are charging for them. VI Regulatory Framework for Digital Financial Services in Côte d’Ivoire interoperability between digital financial platforms, cash preference and other “adoption” challenges, and the regulatory obstacles addressed in this paper. This pa- per focuses on the implications in Côte d’Ivoire, but the challenges are often posed at the regional level. The constraints include broader policies impinging on financial inclusion, notably an interest rate cap, which will affect the provision of digital credit going forward, and a limitation on MFIs’ ability to move beyond savings and credit services into other activities, such as e-money issuance. E-money and payments E-money. The cornerstone of DFS is the issuance of electronic money. In a 2015 instruction that updates earlier rules covering Côte d’Ivoire and the other WAEMU markets, BCEAO defines e-money as a monetary value in electronic form, issued without delay against funds in (at least) equal amount, and accepted as a means of payment by third parties. The instruction enables issuers to accept funds from the public for purposes of e-money issuance without (simply for that reason) having to obtain a deposit-taking license. It allows for a range of e-money issuers. Banks, payment financial compa- nies, MFIs, and e-money institutions are permitted to issue e-money with a few pre- conditions. Microfinance regulations severely limit MFIs’ involvement in noncore activities such as e-money issuance. Other issuers, for example, nonfinancial compa- nies, are called Etablissements de Monnaie Electronique (EMEs). To become licensed, EMEs must meet separate standards on corporate governance and be solely dedicat- ed to e-money issuance. As mentioned, some MNOs are in the process of setting up (or have already set up) e-money subsidiaries to use this EME license. Issuers must promptly deposit funds received from e-money clients in accounts spe- cifically for this purpose at one or more banks or MFIs. This e-money “float” is to be separately identified in the accounts of the issuer and depositary institution—and the total value held by each issuer must be at least equal the amount of e-money outstanding at all times. The placement of these funds is prescribed. An issuer must place at least 75 percent of the value of all its e-money in circulation in sight/demand deposits, and the rest in specified types of investments (no trust, escrow, or similar structure is required). Côte d’Ivoire’s deposit guarantee scheme should, by its terms, cover EME float de- posits up to the ceiling amount. But the scheme is not yet in operation, nor is it fully clear how it would treat e-money float in practice. The e-money instruction prohibits issuers from issuing e-money as credit and from paying interest on e-money float (but this does not prevent banks and MFIs from linking a client’s e-money account to her/his other accounts—e.g., credit or savings). The e-money instruction imposes quantitative limits on e-money holdings per client: a maximum e-money balance with a particular issuer of 2 million FCFA (US$3,400) and a maximum of 10 million FCFA (US$17,000) in recharges (topping-up of balance) per month across all institutions. E-commerce and e-signature. E-money (and DFS generally) depends to a great ex- tent on the framework for e-transactions. The critical component here is the certifi- cation of digital documents (with e-signatures) that have replaced paper documents. VII Regulatory Framework for Digital Financial Services in Côte d’Ivoire There is both national and regional legislation in this area. The WAEMU regulation applies by virtue of its (and BCEAO’s) predominant authority over financial services. As the domestic authority for e-commerce, the Ivoirian telecoms regulator (Autorité de Régulation des Télécommunications/TIC de Côte d’Ivoire or ARTCI) has jurisdiction over e-signatures in general. Both regional and national legislation provide in prin- ciple for transactions to be carried out and signatures to be made effective entirely by digital means, once a certified e-signature is in place. Both provide procedures for certification and for the registration of certification services providers. In practice, however, it is reported that fully electronic processes for account opening are not possible in Côte d’Ivoire because hard-copy certificates are required to back e-signatures. This complicates the opening of digital accounts, and (prospectively) the conclusion of digital credit agreements. Payments. As for payment services, a 2002 WAEMU regulation authorizes banks, MFIs, and specialized nonbank payment companies to provide these services. It places them under the supervisory authority of BCEAO. Payments instruments covered include e-transfers, bank cards (ATM and payment cards), and prepaid cards. Payment services providers must abide by the rules set by each payment system, as well as with general standards for reliability, security, and enforcement. The payments regulation does not differentiate between wholesale and retail pay- ments. The bank-based payment systems account for most large-volume and bulk payments (as well as much of the retail payments traffic). In practice, the e-money system is focused on small-value, low-volume transactions. Payment services of- fered by the Post also come within the purview of BCEAO, under the 2002 WAEMU payments regulation. Use of agents Widespread access to agents that operate under appropriate safeguards is critical to DFS and financial inclusion, generally. Authorizing the use of agents opens up the possibility of broad distribution networks. The regulatory framework in WAEMU enables financial services providers to use agents for e-money and rapid (OTC) fund transfers, but is more restrictive with respect to agent banking. (In this paper, “agent” refers generally to distributors, retail agents, intermediaries, and other third parties that handle the outsourcing of financial services.) E-money and transfers. The e-money instruction provides for a two-tier system of primary agents (distributors) and retail-level subagents. Those permitted to serve as primary agents are retailers and other businesses (registered companies or individ- uals), MFIs and other nonbank FIs, and the Post. These agents may then outsource to subagents that must be registered businesses (including individuals and companies). Services that can be outsourced to agents come under the heading of marketing and supply of services related to e-money. They include signing up clients to e-money accounts, cash-in and cash-out, and payment services. Exclusive agency agreements (i.e., requiring an agent to serve a single issuer exclusively) are prohibited. The issuer (principal) remains legally responsible to its clients and third parties for all the services contracted out to its primary agents and for the agents’ liquidity and due diligence. Thus, issuers bear primary responsibility for supervising their agent networks, with BCEAO playing a higher-level oversight and inspection role. VIII Regulatory Framework for Digital Financial Services in Côte d’Ivoire The e-money rules expressly grant BCEAO authority to inspect EMEs along with their e-money agents and technical services providers. In addition, a 2015 BCEAO instruction authorizes banks, NBFIs, and MFIs to use re- tail agents (subagents) for rapid funds transfers—real-time OTC transfers at an au- thorized provider or agent (not involving any bank or e-money account of the sender or recipient). These agents (OTC providers) are prohibited from collecting funds for reasons other than OTC transfer (e.g., deposits) unless the agent is an MFI. Again, exclusive agencies are prohibited. The agents act under the comprehensive respon- sibility of the principal (FI) and for the principal’s account. Agent banking. Beyond the e-money and transfers setting, the scope for using agents is less clear. Agent banking has proven difficult. Banks are authorized to use agents of a type called Intermédiaires en Opérations de Banque (IOB), under fairly stringent conditions, by the banking law and a 2010 BCEAO instruction. These IOBs are sub- ject to prior authorization, fit and proper standards, financial guarantees (by a prin- cipal bank), and regular reporting. Banks are responsible for direct supervision of these agents. From the introduction of the rules in 2010 until end-2016, only five IOBs have been approved in three of the WAEMU countries (none in Côte d’Ivoire). In practice, IOBs have branches and satellite offices, but the instruction does not au- thorize them to contract out functions to subagents (in contrast to the legislation on e-money and rapid transfers). The IOB model thus does not enable agent banking initiatives to expand financial inclusion. For MFIs, the issue of providing credit and savings services through agents is not addressed directly. Conditions and standards for MFI agent services are not defined in legislation, but in practice they appear to be within the authority of BCEAO to set on a case-by-case basis. Customer identification A 2015 WAEMU directive provides anti-money laundering and combatting the fi- nancing of terrorism (AML/CFT) safeguards for the financial sector and a wide range of actors involved in relevant activities. The list of entities covered includes banks, MFIs, e-money issuers, payments and transfers companies, commercial and consum- er credit providers, insurance providers, and agents that provide financial services. Know your customer (KYC) procedures are spelled out in the directive. Before any business is transacted, all covered entities must identify their clients—both individ- uals and organizations. This means obtaining the client’s full name, place and date of birth, and primary address and verifying these by checking a valid “official docu- ment” with a photograph (to be copied) and documentary proof of address. Identity documents. Under the AML/CFT directive, identity information is to be collected at various points and retained. This applies to opening accounts, transfer- ring funds, and establishing a business relationship. Strict procedures are to be used where there are frequent cash transactions or any suspicion of money laundering, terrorism financing, or use of false documentation. Covered entities must continu- ously collect and update specified client information for the duration of the business relationship. Additional AML/CFT precautions are to be taken in the case of most e-transfers and for many transactions by occasional clients. Anonymous accounts or those under assumed names are prohibited. IX Regulatory Framework for Digital Financial Services in Côte d’Ivoire Côte d’Ivoire provides for official identity documentation as a matter of national pol- icy. Whereas identification has often proven a constraint to financial inclusion, and DFS in particular, recent efforts by the government have resulted in some 70 percent of the Ivoirian population (as of mid-2016) having official identification documents. Further, the National Office for Identification is in the process of establishing a com- prehensive digital identifier system. The Ivoirian telecoms regulator (ARTCI) sets the rules for identifying customers wishing to obtain SIM cards, internet subscriptions, and other forms of digital access. Mobile phone and internet services providers must check a valid form of identifica- tion from every individual customer and record her/his full name, place and date of birth, address (postal and physical), phone number, occupation, and details of iden- tity document (this information is not available from a central database). Know your customer. Striking the right balance in KYC requirements means taking a risk-based approach in which standards are graduated or tiered to accommodate financial inclusion. The 2015 WAEMU directive on AML/CFT provides some risk- based accommodation in the form of lighter-touch KYC, but does not create KYC tiers. The directive only varies the way in which ID requirements are applied it does not provide exceptions for clients without official identity documents. In its application to e-money issuers, the directive in effect nullifies the exception for small transac- tions under the 2015 e-money instruction. The AML/CFT directive addresses the use of agents and the required internal safeguards. Covered entities are permitted to outsource client identification and oversight while retaining ultimate responsibility for these obligations. All covered institutions are required to train their personnel and establish control systems to ensure compliance. E-money issuers must supervise their agents and subagents, en- suring there are security and monitoring provisions sufficient to meet standards in the AML/CFT regulations. Consumer protection Because heightened consumer risks arise in the DFS context, there is a need for well-designed protections. Apart from general safeguards discussed earlier, there are three further important elements: (1) fair and transparent dealing, (2) channels for consumer complaints, and (3) treatment of client data. Transparency and conduct. The 2015 e-money instruction requires the issuer and customer to sign a contract to open an account. Mandatory provisions include disclo- sure of the limits, risks, and caution required in using e-money and the procedures in case of fraud, loss, and claims for reimbursement. The issuer is also required to make its fee schedule easily accessible to all customers and to issue an electronic receipt for all transactions. Additional provisions are noted in other financial sector and pay- ments regulations. The 2002 payments regulation requires the conditions for the use of payment instruments and accounts to be clearly explained to the customer and incorporated into a written agreement. The regulation limits the interval between ­ the arrival of a payment order and the crediting of the beneficiary’s account. ­ Other basic consumer provisions appear in banking and microfinance laws—and apply to accounts accessed digitally. These include, for example, transparency in fees and codes of conduct in dealing with customers. X Regulatory Framework for Digital Financial Services in Côte d’Ivoire Standardization of these e-money and payments contracts, however, is not practiced or required. This can make comparison unduly difficult. Nor is there any require- ment regarding format (e.g., length or font requirements) or language (e.g., plain lan- guage or local language). Polling of customers indicates that this is a problem area. Côte d’Ivoire’s 2013 e-commerce law provides standards on advertising, offers, con- tract provisions, transparency of prices (including fees and taxes), and disclosure of identifying information on the seller of goods and services. Contractual provisions and procedures for acceptance are to be spelled out clearly. Also, Côte d’Ivoire has adopted a consumer law that establishes a consumer protection commission and provides specific rules on consumer and housing finance. A concern of special relevance to DFS is the application of consumer protections to agents. Only the e-money and rapid transfer instructions have provisions dealing to any extent regarding this. The e-money instruction requires issuers to ensure that their agents post visible, legible information, such as name and contacts, for the prin- cipal issuer. It also holds issuers legally responsible to clients and other third parties for the agent’s performance. Rapid transfer subagents are to include the logo of the FIs they serve on their signage and post their tariffs at the teller windows. IOBs act under the full responsibility of the bank (the principal), which must formally under- take to repair any damage caused to third parties by its agents. Complaint channels. Pending the implementation of the new consumer protec- tion law, financial consumer complaints are addressed in explicit terms only in the e-money instruction. There, issuers are required to set up forums for complaint han- dling, for both clients and their payees. These systems must be accessible by multiple communication channels at all times, establish deadlines for resolution of claims, and track all complaints received and addressed. These requirements are not spelled out in detail. Thus, procedures are not standardized, nor are providers required to inform consumers about how their complaints are to be handled. BCEAO’s regional financial inclusion strategy envisions the replication of the Observatoire model. Côte d’Ivoire is establishing such an institution with the assis- tance of the World Bank. The Ivoirian Observatoire will include a consumer com- plaint channel and research and policy development functions. It will also allow for functional comparison between institutions that offer transfer services (including between banks, MFIs, and EMEs) and institutions offering transactions accounts (including between banks, MFIs, and EMEs). Client data. Data protection is covered by general provisions on confidentiality and per- sonal data security in banking, microfinance, and e-money regulations. Regional legisla- tion on credit information bureaus contains further provisions on handling client data. Côte d’Ivoire has adopted protections for customer data in its 2012 telecoms ordi- nance, the 2013 law on electronic transactions, and the 2013 personal data legisla- tion. All of these acts are enforced by ARTCI. The laws cover types of sensitive data likely to be handled in DFS operations, such as identity, biometric, household, and legal information. The 2013 data protection law and decree require prior consent of the affected person for the collection and handling of personal data. The 2012 telecoms ordinance requires services providers to protect personal data and ensure the integrity and confidentiality of communications. The platforms and XI Regulatory Framework for Digital Financial Services in Côte d’Ivoire associated digital transmissions provided by MNOs fall as well within the authority of ARTCI and the standards on telecoms, data protection, and e-commerce (an over- lap with BCEAO’s authority over DFS). Competition and coordination The potential of DFS to increase volume, efficiency, and inclusiveness in the financial system depends on connectivity among relevant communication channels and ac- counts. Two important constraints in Côte d’Ivoire, as in some other settings, are un- even access to mobile communication channels and limited interoperability between competing DFS providers and their networks. Interoperability. Early rapid growth of one DFS provider tends to defer the advent of interoperability, in turn favoring dominant actors and limiting competitive growth. Thus, an interoperability policy or scheme is often essential for competition in these markets, but in most settings, it is absent or incomplete. It is often difficult to bring about voluntary agreement on interoperability in the near term, especially where there is a dominant provider. But interoperability can emerge when market players understand the potential shared benefits of network effects. BCEAO is developing a “road map for interoperability.” DFS in Côte d’Ivoire and the WAEMU region could be described as comprising closed loops and distinct operating standards, with limited but growing interoperability. A prime example of evolving integration in the region is GIM-UEMOA, which is a re- gional switch for ATM and POS payments. This switch is available to EMEs across the region. MFIs in the region are slated to get access to this switch, which could also be made available to all e-money issuers. Apparently, FI issuers have not been interest- ed. By contrast, our research found that ATMs have achieved near total interopera- bility, but not as much progress has been achieved with POS. Channel access. Another typical constraint to DFS expansion arises from lack of reliable access to mobile messaging channels. MNOs control the SIM card with its identity data on each mobile user, as well as the phone’s communications channels, including the Unstructured Supplementary Service Data (USSD) channel, which is used by most DFS providers. MNOs not only provide the channel for e-banking services but they also are competi­ tors (through their EME affiliates) of FIs that want to offer mobile financial services and of EMEs that are not affiliated with MNOs. This gives the MNOs an opportunity to price-discriminate against financial services providers that are seeking access, or even to deny access, and to favor aggregators who bring them a large volume of busi- ness. There are reports from stakeholders in Côte d’Ivoire that MNOs have in some cases denied USSD access to FinTech companies or financial institutions. In other cases, MNOs have charged a lot for access or have limited access in terms of time or connection quality. But MNOs are providing channel access to their e-money subsidi­ aries while restricting access to others. Regulatory responses. The frameworks for financial, telecom, and competition regulation—at national and regional levels—provide relevant standards that might be used to address the issues discussed here. For example, the e-money instruc- tion requires issuers to facilitate interoperability. There has not yet been a strong XII Regulatory Framework for Digital Financial Services in Côte d’Ivoire regulatory push to ensure that different participants in DFS can play together on the same, level playing field. Most observers favor suasion over coercion. Introducing, or mandating, interoperability too early may be counterproductive—it may drive up compliance costs and technical complexity. BCEAO’s objective is to ensure full in- teroperability when the market is ready. ARTCI has authority to approve rates and enforce tariff transparency on behalf of MNO customers. It also regulates value-added services (i.e., adjuncts to core telephone and data services). It is responsible for enforcing the laws governing e-commerce and e-signature certification. The agency is tasked with establishing an appropriate mechanism for consumer complaints and follow-up and ensuring quality of service and effective and fair competition (in cooperation with other relevant authorities). Clearly, ARTCI’s authority over mobile providers and e-commerce overlaps with that of BCEAO. This overlap argues in favor of some framework for coordination. ARTCI is mandated to cooperate with other regulatory bodies in Côte d’Ivoire and the region to regulate competition in the telecoms and data markets. At the same time, BCEAO is authorized under financial legislation, such as the e-money instruction, to bring in other regulatory authorities to carry out joint inspections. In the DFS context, ARTCI and BCEAO have established a joint working group that is analyzing several areas of concern, including interoperability. ARTCI is also developing a framework for collaboration with the national and regional competition agencies to monitor the development of the telecom sector. In the field of USSD access, ARTCI has a basis to intervene. The telecoms legislation states that network access, interconnection, and sharing of essential infrastructure should be provided on an equal, nondiscriminatory basis. Refusal to share essen- tial infrastructure can be deemed anti-competitive, while dominant providers have a duty to offer interconnection. ARTCI is required to monitor conditions of access, and it may enforce access as a last resort. Denial of sale, price discrimination, and agree- ments in restraint of trade are prohibited. In fact, ARTCI reports that it is now requiring MNOs to open the USSD channel to external services providers and to make public their respective access offer with a price list. ARTCI was reviewing these prices at the time of the diagnostic. Recommendations Most of the measures suggested are within the responsibility of regional authorities, mainly BCEAO. Recommendations that concern the Ivoirian national authorities (e.g., for some aspects of customer identification and consumer protection) are noted as such. E-money and payments. The 2015 e-money instruction has consolidated and clari- fied the rules in this area. But questions remain about how supportive the rules in other, related, areas are—such as banking and e-commerce. Our recommendations are as follows: ■■ Reconsider the interest rate caps in force across the region. These limits are like- ly to constrain the offer of innovative digital credit and savings products to the unbanked. At least a partial or phased liberalization is advisable. It would be best to couple this with stricter transparency requirements, including standardized XIII Regulatory Framework for Digital Financial Services in Côte d’Ivoire disclosures. This step would support competition, help keep interest rates low, and make it possible to phase out rate caps. This issue is relevant to licensed banks, credit institutions, and MFIs whose loan products may become available via digital channels. ■ Revise the tight limit on MFI activities beyond their traditional ones of savings and credit. BCEAO should adopt an exception, or at least a higher limit, on earn- ings from e-money and related activities by MFIs. Care should be taken to ensure that the rule’s prudential objectives continue to be met. ■■ Clarify protections for e-money float funds. The e-money instruction requires segregation of float funds by the issuer and the depositary institution. The treat- ment of these funds in the case of the issuer’s bankruptcy is not clear. Thus, requiring a trust account structure might be advisable here to insulate the float from claims by the issuer and its creditors. Also, as Côte d’Ivoire’s deposit guarantee system goes into operation, its scope of coverage should be clarified to ensure adequate, equitable protection of e-money float. Adopting a system of per-client “pass-through” insurance should be considered. ■■ Harmonize regional and national rules on e-signature acceptance and certifica- tion, and ensure coordination and clear jurisdictional lines between BCEAO and ARTCI in this area. The key is to ensure that fully digital signatures and certifica- tions can be routinely used—without recourse to paper documents and in such a way that is easily affordable for low-income people. BCEAO reports that work is underway on revisions to the regional payments regulation for this purpose. Use of agents. The 2015 instructions on e-money and rapid money transfers clari- fied the rules on agency, and took a critical step in incorporating both primary agents and subagents. On the other hand, the conditions for agent banking appear far too restrictive for the banks, and not clearly articulated for the MFIs. We recommend the following: ■■ Develop uniform, or at least harmonized, agency rules and standards for financial services outreach across the board—including agent banking, e-money agents, and rapid transfer agents. A functional, risk-based approach should be adopted, in preference to the current patchwork of mostly institution-based regulation. Customer identification. Our key question is whether the new regional AML/CFT regime sufficiently accommodates financial inclusion and DFS through tiered, risk- based KYC standards. It does not, and it adds to the patchwork of limited and con- flicting due diligence exceptions. On the other hand, Côte d’Ivoire’s program of ex- panding access to official identification documents will help ease KYC procedures and thus enhance financial inclusion. Our recommendations are as follows: ■■ Replace the patchwork of KYC carve-outs for small transactions (including case- by-case adjustments) with a clear, consistent set of risk-based KYC tiers. The tiers should provide comprehensive coverage of financial services, including DFS, and should provide exceptions from requirements more likely to exclude traditionally unbanked groups, such as poor and rural populations (e.g., documentation of a permanent address). General Financial Action Task Force principles in the 2015 and 2012 WAEMU legislation need to be spelled out concretely in legislation applicable at the national level. XIV Regulatory Framework for Digital Financial Services in Côte d’Ivoire ■■ Coordinate identification requirements for SIM cards and DFS. One promising approach that could be explored is to carry over the same identity verification procedure used for SIM cards into the KYC process—and perhaps national identification cards and databases as well. Consumer protection. The consumer protections applicable to DFS are improving but lack comprehensiveness and consistency. The following are our recommendations: ■■ Strengthen and harmonize consumer protections across the full range of DFS— including digital links to savings and credit accounts as these become feasible. Provisions on fraud, security, data protection, and bankruptcy and other contin- gencies should be similarly expanded. Application of consumer norms to agents should be clearer and more consistent across the board. ■■ Enhance transparency and comparability by requiring standardized fee informa- tion for payments accounts, or at least by introducing standard requirements for format and manner of disclosure. ■■ A tribunal or ombudsman for retail finance, including DFS, is also important. Côte d’Ivoire is setting up a financial sector Observatoire and a Consumer Commission. Explicit, specific provisions related to DFS will help to strengthen protection in this subsector. Further, the protections will be most effective if all financial ser- vices providers (not just e-money issuers, as is now the case) are required to have in-house complaint systems, and for these to offer a route of appeal to the Commission and Observatoire, and hence to the courts. ■■ There is a need to make consumer protections effective in practice through sys- tematic supervision. As matters stand, some provisions reportedly are not ap- plied at all by providers. Good practice here involves regulatory oversight of con- sumer practices as a market conduct and prudential matter. ■■ Data collection on consumer practices should be strengthened and systematized. Data analysis can reveal patterns of practice and risks posed by noncompliance with consumer norms and effectiveness of enforcement. Competition and coordination. Difficulties arise from the overlaps between mar- kets, service delivery infrastructure, and regulatory regimes. The key issues here are interoperability and access to the USSD channel. Constraints in these areas act as a drag on overall DFS development and financial inclusion. Importantly, ARTCI is now requiring MNOs to open the USSD channel to external services providers. In this area, we recommend the following: ■■ BCEAO, ARTCI, and perhaps the competition authorities should elaborate the framework for cooperation that they have discussed and map out a strategy for rationalizing the governance of the DFS market. Recent steps taken by the two regulatory bodies are promising in this regard. ■■ ARTCI, in coordination with the other regulators, should monitor MNOs for po- tential discriminatory pricing and service quality in USSD access because this affects DFS delivery. XV Regulatory Framework for Digital Financial Services in Côte d’Ivoire 1. INTRODUCTION Regulation plays a critical role in the de- Part 2 provides a brief overview of velopment and spread of digital finan- the Ivoirian context in key market and cial services (DFS). This paper offers an policy developments. In the four parts analysis of the regulatory framework for that follow, we review the core ele- DFS in Côte d’Ivoire, including its cover- ments of the regulatory framework for age, its enabling features, and its gaps DFS in Côte d’Ivoire (i.e., what CGAP and obstacles. (See Box 1 for a defini- calls “basic regulatory enablers”). tion of DFS.) We discuss priority areas We consider the provisions govern- for strengthening and reform, to be ad- ing e-money issuance and the use of dressed at the national level and at the agents in DFS (parts 3–4)—these are level of the West African Economic and necessary conditions for moving fi- Monetary Union (WAEMU), of which nancial services into the digital realm Côte d’Ivoire is a member state. We and making them broadly accessible in aim to provide analysis that is relevant this form. Next, we examine the provi- and useful to policy makers in Côte sions on customer identification and d’Ivoire and to others interested in DFS consumer protection (parts 5–6). Such regulation and its links with financial safeguards, along with protections em- inclusion. bedded in e-commerce and personal BOX 1.  Definition of DFS We define DFS as the suite of financial services, potentially including both tradi- tional and new products, offered by banks and nonbank providers through digital transactions platforms. The services are accessed by digital devices, such as mo- bile phones, cards used with point-of-service (POS) devices or automatic teller machines (ATMs), and internet connections. Agents play a critical role here, par- ticularly in conversion between cash and electronic funds (cash-in, cash-out). The following key elements should be emphasized: A ■  digital device—either a mobile phone or a payment card plus a POS device that transmits and receives transaction data. Agents—individuals, ■  retail stores or outlets, or ATMs where customers can put cash in (i.e., convert cash into digitally stored value or make a digital payment or transfer) and take cash out (e.g., withdrawing from a digital stored-value account or receiving a digital remittance or other transfer or payment). A ■  digital transaction platform (i ) enables payments, transfers, and value storage through a digital device and (ii ) connects to an account with a bank or nonbank permitted to store e-value. The ■  offer of additional financial products and services through the combination of banks and nonbanks (including nonfinancial companies) that leverages digital transactional platforms. Source: Global Partnership for Financial Inclusion (2016), p. 46. 1 Regulatory Framework for Digital Financial Services in Côte d’Ivoire data handling regulations, should with the competitive challenges that strengthen security and confidence result. We look at the ongoing efforts in the safety of DFS, provide for the of authorities at the level of WAEMU enforcement of customer rights, and and the Côte d’Ivoire government in thereby encourage wider use of DFS. addressing these special difficulties. Part 7 covers the complex of regulatory We conclude with a short policy review authorities involved in this field, along and recommendations. 2 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 2. OVERVIEW OF DFS MARKET CONTEXT What are the salient features of the DFS regulation and supervision of financial market in Côte d’Ivoire? What are some institutions (FIs), payment systems, of the key features and trends in the and digital finance. A Banking Council development of this market? This dis- has overall responsibility for the finan- cussion sets the stage for the enabling cial sector, and the region’s Ministers framework analysis that follows. The of Finance. It also participates in de- specific shape and modalities of DFS in cisions—but ongoing regulation and practice point to specific issues in policy, supervision are handled mainly by the law, and regulation. Central Bank, with the participation of the Banking Commission. (See Figure 1.) Any discussion of legal or policy matters in Côte d’Ivoire must pay close atten- Thus, regional institutions have prima- tion to the rules laid down by the West ry authority for the financial sector and African regional institutions of which monetary policy, as well as for regulation that country is a member. WAEMU is a of activities that may have a potential currency union and evolving free trade impact on the regional market, for ex- zone. WAEMU’s leaders, acting in con- ample, in terms of competition (includ- cert,3 adopt legislation and policy deci- ing aspects of consumer protection). sions in areas such as trade, competition, The member countries, including Côte finance, and monetary policy. Its cen- d’Ivoire, retain legal authority in other tral bank, BCEAO (Banque Centrale des areas affecting DFS, such as telecom regu- Etats de l’Afrique de l’Ouest), exercises lation and general consumer protection. exclusive authority over the money sup- For example, while BCEAO retains sole ply and is the primary authority for the authority to regulate financial services FIGURE 1.  Regulators of the DFS space: Regional and national WAEMU BCEAO: CÔTE D’IVOIRE Financial services ARTCI: E-money E-commerce (e-signature) Payments (e-signature) Telecoms, Post Agents Data handling & protecƟon KYC rules ID system Consumer protecƟon NaƟonal market: Consumer & compeƟƟon Regional market: rules CompeƟƟon 3 I.e., acting through the Union’s Conference of Heads of State and Government and its Council of Ministers. 3 Regulatory Framework for Digital Financial Services in Côte d’Ivoire from a financial consumer protection of cross-border remittances in the re- (FCP) perspective, countries such as gion, reflecting its sizeable immigrant Côte d’Ivoire have consumer protection population. There are an estimated laws and oversight institutions that im- 20,000 mobile money agents in Côte pact financial services.4 d’Ivoire compared to over 900 branch- es of FIs and 832 ATMs. Mobile network 2.1 Market development operators (MNOs) have been the lead players thus far. They account for three Côte d’Ivoire is a regional leader in DFS, of the five mobile money deployments particularly in regard to mobile money. and the majority of agents. The MNOs It is a lower-middle income country that have mainly partnered with banks that has nearly 8 percent annual GDP growth issue e-money. However, in the wake of (in the wake of civil conflict). It has a recent regulatory changes, two of the population of 22.7 million; nearly half of three MNOs have now moved toward the population lives in rural areas. It has establishing e-money subsidiaries. an adult literacy rate of 41 percent. An estimated 18.3 percent of the adult pop- Although policy makers at the national ulation holds a bank account, according and regional level are taking steps to to BCEAO (at end 2015). Including mi- expand DFS access, Côte d’Ivoire has crofinance, postal, and mobile money not yet seen this sector reach its full accounts,5 the rate of financial inclusion potential. Reasons for this include the is 46 percent, according to a BCEAO esti- limited attractiveness of DFS offers to mate. Mobile-phone (i.e., SIM card) pene­ date, relatively high costs of service, cash tration is quite high, at 113 percent, as preference and other “adoption” chal- compared to the 14.6 percent rate of in- lenges, and regulatory constraints. This ternet access (Koné 2016).6 paper focuses on the implications in Côte d’Ivoire, but the challenges are often In terms of DFS, the number of mobile posed, and relevant policies adopted, at money subscribers is an estimated the regional level. 10.4 million; 41 percent of these ac- counts have been active in 2015. Mo- Several positive developments in the bile money transactions in 2015 were direction of expanding access are reported to be a total of 3.8 billion worth highlighting. Regional financial FCFA (US$6.3 million). Côte d’Ivoire is legislation that provides for an array the leading mobile money market in of service tiers, including banks and WAEMU. According to BCEAO, at the other credit providers,7 payment com- end of 2015, Côte d’Ivoire represented panies, and MFIs (Systèmes Financiers 41 percent of the total mobile-money Décentralisés-SFD8), is in place. The MFI registered customers in the region; law replaced earlier legislation that was 46 percent of the total transactions in based on a mutualist model and had a volume and 51 percent in value. Côte more flexible arrangement. In addition, d’Ivoire also has the largest volume several basic banking services are now 4 Côte d’Ivoire is also a member of the Economic Community of West African States (ECOWAS), which operates parallel to WAEMU and adopts policies to support the regional market. For example, the ECOWAS policy on e-transactions was adopt- ed into law by Côte d’Ivoire in 2013. 5 E-money delivered by mobile phone, including the most basic handsets. 6 Note d’information n°48, Décembre 2016, BCEAO. 7 The legislation provides for a category of établissements de crédit that includes banks and établissements financiers à caractère bancaire. 8 In this paper, “microfinance institutions” (MFIs) is used generically. 4 Regulatory Framework for Digital Financial Services in Côte d’Ivoire required to be provided free of charge.9 are a payments company and an MFI. Further, a regional financial inclusion The MFIs apparently have an interest strategy was adopted by the WAEMU in going digital, but face obstacles in- Council of Ministers in June 2016. Côte cluding deficits in human resources and d’Ivoire has a national-level policy a customer base that may not be big on this.10 enough to justify the investment. (MFIs also face the constraint posed by a reg- Legislation on e-payments (2002), and ulatory limitation on noncore business especially e-money (2006), prompted revenue.) DFS innovation, with payments, trans- fers, and airtime recharges (“first gen- Also significant are OTC services pro- eration” products) being offered by viders,11 who furnish affordable transfer bank-MNO partnerships and the devel- services to clients, including nonsub- opment of cross-border remittance cor- scribers.12 The OTC providers are, for- ridors. A series of regulations adopted in mally, subagents operating on behalf 2012–2015 have helped to clarify the re- of licensed FIs. In practice, they oper- spective roles of telecoms, FIs, and oth- ate with wide autonomy and include ers in this sector. well-established OTC companies that operate throughout WAEMU. The OTC During the latter period, the MNOs’ providers are significant for a number search for new sources of revenue of reasons. First, they extend access to led them to move increasingly into payments and money transfer services the mobile money sector. Orange has to customers who may not have digital emerged as the dominant provider in accounts (or may not use them). The Côte d’Ivoire, accounting for at least providers are not e-money issuers or 70 percent of overall mobile money payment services companies, and their transaction value, over half of all mo- services are perceived as relatively bile money customers, and thousands of cheap. On the other hand, OTC services agents (at least 11,000 total, 7,500 active are limited to person-to-person (P2P) at end 2015). In 2016, Orange Money fund transfers and some bill payments, and MTN established affiliates that are and so are not as convenient as hav- now licensed as e-money issuers under ing one’s own mobile money account. the new regulation adopted in 2015. Second, firms such as Wari and Joni Joni provide OTC services on a large Non-MNOs have a foothold in this mar- (regional) scale, using wide retail net- ket as well. Among (nonbank) e-money works that potentially give them a very issuers, the two non-MNO competitors strong competitive base to offer agent  9 These include account opening, certain teller and ATM services, account statements and others. Instruction n° 04/06/2014 relative aux services bancaires gratuits offerts par les établissements bancaires de l’UEMOA à leur clientèle. In the instruction, BCEAO simply listed the services without defining them. Reportedly, as a result, some banks have changed the names of the relevant services and charge for them. 10 This strategy has been approved but not yet implemented. The relevant action plan is available at http://microfinance .tresor.gouv.ci/m/wp-content/uploads/2016/download/autres/Strategie-plan-d-actions.pdf. Côte d’Ivoire has also im- proved the tax treatment of DFS. Fiscal legislation in 2015 shifted the value-added tax (VAT) on money transfers from a system of differentiated rates based on the types of institutions involved to a uniform rate of 18 percent. The base for this tax appears to be the fee or commission, not the transfer amount. 11 We use “OTC provider” or “OTC company” to refer to the operator who interacts with customers in delivering fund transfer services, even though this operator is legally a subagent of an FI. 12 These agents use an online platform linked to a bank account. It is important to distinguish this OTC model from those prevalent in other regions and countries, where the same terminology refers to a different arrangement such as where the client’s own account is used. 5 Regulatory Framework for Digital Financial Services in Côte d’Ivoire banking and e-money issuance. Wari, a payments as well. This digitization regional OTC services provider, competes should encourage DFS development as with the MNO-affiliated issuers in Côte it has elsewhere. d’Ivoire and has launched a Visa card in partnership with a bank linked to the re- Until recently, the national ID system gional card switch. had been a hindrance to DFS outreach. It is now reaching the majority of the population. A national ID database is be- 2.2 Market infrastructure ing developed and should facilitate the move to fully digital account access. In In terms of DFS-related infrastructure, parallel, the telecom regulator in Côte Côte d’Ivoire is modernizing infrastruc- d’Ivoire has been tasked with identify- tures that relate to DFS and address- ing all SIM card subscribers; this is ex- ing deficits that accumulated during pected to ease digital security concerns. its period of conflict. The government is pursuing a strategy aimed at closing Agent networks for FIs have been con- the digital divide. A key component is strained, in large part by policy fac- the creation of a 7,000 km-fiber-optic tors, but MNOs have growing networks “backbone” for digital communication, that are increasingly involved in DFS. of which about one-third has been laid. (Orange alone has about 10 times the The expectation is that this will attract number of service points as the banking private investment in digital communi- system.) Agents are still fairly concen- cation and information systems. In ad- trated in urban areas and do not always dition, the telecom authority has moved have sufficient access to technical sup- to simplify licensing, while government port and liquidity. has adopted a policy of moving adminis- trative services online. Limited interoperability between pay- ment systems, cards, and mobile wallets Côte d’Ivoire has also made progress is still an important problem. This issue, on the digitization of government pay- which has both technical and policy di- ments, in contrast to many of the other mensions, has been under discussion. A WAEMU countries (Koné 2016). All sec- key part of the eventual solution is now ondary school registration fees in Côte in place with the establishment of a re- d’Ivoire have been paid via mobile mon- gional payments switch, GIM-UEMOA ey since 2014, and this is leading oth- (Groupement interbancaire monétique de er public agencies to digitize incoming l’UEMOA) (discussed in the next section). 6 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 3. E-MONEY AND PAYMENTS The cornerstone of many DFS frame- Union’s E-Money Directive (2009/110/ works is the legal and regulatory regime EC). Importantly, the definition in the that governs e-money. This comprises instruction enables issuers to accept rules on e-commerce, authorization and funds from the public for purposes oversight of e-money providers, and al- of e-money issuance without (simply location of activities to distinct service for that reason) having to obtain a and regulatory fields, such as banking deposit-taking license. and payment systems. The instruction allows for a few different 3.1  E-money: Regulatory definition kinds of issuers. The banking and microfi- and treatment nance laws15 provide for the following cat- egories of FIs: (i) commercial banks; (ii) The key instrument here is the 2015 payment services companies,16 a category BCEAO instruction,13 which updates the of nonbank financial institutions (NBFIs) 2006 rules on e-money. This instruction (établissements financiers à caractère ban- (art. 3) governs all e-money transactions, caire); and (iii) MFIs. Under the e-money including those carried out by card, in- instruction, all three of these types of in- ternet, and telephone. (An overview of stitutions are permitted to issue e-money key e-money rules is given in Table 1.) with a few preconditions. However, the E-money is defined (art. 1.16) as: MFIs face a (potentially) major limitation here with respect to e-money and related ■■ A monetary value, representing a li- activities other than savings and credit. ability for the issuer, stored in elec- Under the microfinance regulation, an tronic (including magnetic) form. MFI’s revenue from nonsavings/credit ■■ Issued without delay against funds services is strictly capped (at 5 percent of provided in at least an equal amount. the institution’s “risks”), unless permis- sion is obtained from the Minister of Fi- ■■ Accepted as a means of payment by nances with consent from BCEAO.17 third parties (both individuals and companies).14 Banks and payment services companies must notify BCEAO (two months) in ad- This definition appears to conform to vance of any deployment, while MFIs good international practice as repre- must get prior authorization18 from sented, for example, by the European the Minister of Finances after BCEAO 13 Instruction N°008-05-2015 régissant les conditions et modalités d’exercice des activités des émetteurs de monnaie électro- nique dans les Etats membres de l’Union Monétaire Ouest Africaine (UMOA). 14 The full definition is as follows: “une valeur monétaire représentant une créance sur l’établissement émetteur qui est stockée sous forme électronique, y compris magnétique, émise sans délai contre la remise de fonds d’un montant qui n’est pas inférieur à la valeur monétaire émise, et acceptée comme moyen de paiement par des personnes physiques ou morales autres que l’établissement émetteur.” 15 Loi-cadre portant réglementation bancaire; Loi portant réglementation des systèmes financiers décentralisés; Instruction n° 011-12/2010/RB relative au classement, aux opérations et à la forme juridique des établissements financiers à caractère bancaire; Décret d’application de la loi portant réglementation des systèmes financiers décentralisés. 16 Etablissements financiers de paiement. 17 Annexe vi-Limitation des opérations autres que les activités d’épargne et de crédit (article 36, Loi portant réglementation des SFD). “Risks” here refers to provisions against all risk assets. BCEAO points out that this rule has a prudential rationale, i.e., to help ensure that the core MFI business is strongly established before other activities are undertaken. Discussions are under way on adjustments to the MFI regulations, including this provision. 18 E-money instruction, arts. 8–14. We distinguish “authorization” (autorisation) from “license” (agrément). An authorization is an approval by the central bank (technically, per the MFI law, the Minister of Finances acting on the advice of BCEAO) for an FI to issue e-money, an activity that the institution is permitted to carry out with prior approval. A license is a permit to issue e-money obtained by a non-FI, and this requires more thorough scrutiny by the central bank. 7 Regulatory Framework for Digital Financial Services in Côte d’Ivoire TABLE 1.  WAEMU rules on e-money: Key features Regulatory features WAEMU provisions Definition of e-money E-money is defined as (i) a monetary value, representing a liability for the issuer, stored in electronic (including magnetic) form; (ii) issued without delay against funds provided in at least an equal amount; and (iii) accepted as a means of payment by third parties (both individ- uals and companies). It does not include closed-loop mechanisms. Who may be an E-money issuers can be banks, payments companies e-money issuer (category of NBFI), MFIs, and authorized nonfinancial companies (including affiliate companies set up by MNOs). Prudential requirements Banks, payments companies, and MFIs must meet ongoing prudential requirements per their licenses and BCEAO supervision. Non-FI issuers (EMEs) must meet an initial paid-up capital threshold of 300 million FCFA (US$500,000). MFIs meet this requirement if their own funds and total client deposits on their books, combined, meet the threshold. EMEs must, at all times, have equity of at least 3% of outstanding e-money issued (and at least equal to their minimum share capital requirement). Reporting requirements Monthly reports on e-money outstanding and e-money float balances in trust accounts. Quarterly reports on capital ratios against e-money outstanding, balances in trust accounts, balance sheet, e-money account volume and activity, total numbers of agents and service points, figures on mobile money and card transactions, risk indicators for new products, and fraudulent transactions. Annual audited financial reports. Fund safeguarding Funds converted to e-money to be placed in bank or MFI requirements accounts set up for this purpose—and separately identi- fied in the accounts of the issuer and depositary institu- tion. The funds must be reconciled daily against e-money issued, and settlement must be carried out by means of a payments system approved by BCEAO. E-money float must always be at least equal e-money outstand- ing. At least 75% of the value of all e-money in circula- tion must be kept in sight/demand deposits. Beyond this, funds may alternatively be placed in time deposits, T-bills, or corporate securities (of listed companies). No trust account structure required; applicability of deposit guarantee is unclear. Rules on float account E-money float is not to be exploited for the account of the issuer. No interest may be paid on the float. Issuers may be required to repay funds at any time at the par value of the outstanding e-money balance. Otherwise, reimbursement terms are set by contract. 8 Regulatory Framework for Digital Financial Services in Côte d’Ivoire consent. All must meet generally appli- The two groups (FI issuers and EMEs), cable standards and comply with the considered together, are called établisse- e-money rules. We refer to these FIs, who ments émetteurs, and can simply be re- hold existing BCEAO licenses along with ferred to as “issuers.” Thus, the following e-money authorizations, as “FI issuers.” institutions, if they meet their respective BCEAO authorization or notice require- Nonfinancial companies may also issue ments, may issue e-money: banks, pay- e-money after obtaining a license. These ment services companies, MFIs, and issuers are called Etablissements de Mon- EMEs (non-FI issuers). The following naie Electronique (EMEs or “non-FI issu- sections address the scope, limitations, ers”). They must meet separate standards and requirements in connection to this. on corporate governance and related mat- ters (e.g., fit-and-proper standards, inter- 3.2 Protection of funds nal controls) to obtain a license.19 These EME companies must be solely dedicated Issuers must promptly deposit funds re- to e-money issuance, (i.e., providing pay- ceived from e-money clients in accounts ment, transfer, and cash-in/out services specifically for this purpose at one or [distribution de monnaie électronique]). more banks or MFIs. This e-money float They cannot provide savings or credit ser- is to be separately identified in the ac- vices. EMEs can own shares only in other counts of the issuer and depositary insti- entities involved in e-money issuance. tution—and the total held by each issuer must be at least equal to the amount of As mentioned, some MNOs are in the pro- e-money outstanding at all times. The cess of setting up e-money subsidiaries placement of these funds is prescribed. to use this EME license—or have done so An issuer must place at least 75 percent already20—in preference to partnering of the value of all its e-money in circula- with (or acquiring) a bank. The e-money tion in sight/demand deposits; beyond instruction (art. 4) limits issuers’ part- this threshold, time deposits, T-bills, and nership arrangements. Issuers may en- corporate securities (of listed compa- ter such agreements only with technical nies) are acceptable. The funds received operators who restrict their activities must be reconciled daily (by the issuer to the “technical treatment” of ­ e-money and the depositary institution) against (and who are not responsible for issu- e-money issued, and settlement must be ing e-money). This provision appears carried out by means of a payments sys- designed to clarify the roles and respon- tem approved by BCEAO.21 sibilities between the e-money issuers and the technical operators, and to en- The instruction prohibits issuers from is- courage MNOs to focus on providing the suing e-money as credit and from paying technology platform. Thus, an MNO may interest on e-money float. But this does be the technical operator for either (i) a not prevent banks and MFIs from link- partner bank (or other partner FI) or (ii) ing a client’s e-money account to her/ an EME (non-FI) that the MNO partners his other accounts—for example, cred- with or establishes as an affiliate. it or savings.22 Issuers are responsible 19 These standards are not applied to FI issuers for purposes of e-money authorization because their existing BCEAO licenses require them to meet at least equivalent standards. 20 I.e., Orange and MTN in Côte d’Ivoire. 21 E-money instruction, arts. 32–35. Other placements of e-money float are not permitted: “Ils ne doivent pas être utilisés au financement des besoins de l’exploitation de l’établissement émetteur” (art. 32). 22 E-money instruction, art. 5: “Les établissements émetteurs ne sont pas autorisés à consentir . . . des services de crédit à leur clientèle, ni à payer des intérêts sur les fonds perçus en contrepartie . . . .Toutefois, les fonds provenant d’un crédit octroyé à un client par une banque ou un SFD peuvent être utilisés pour émettre de la monnaie électronique.” 9 Regulatory Framework for Digital Financial Services in Côte d’Ivoire for ensuring prompt reimbursement of rationalize the application of deposit unused funds upon the client’s demand, guarantees to e-money float. according to the terms of the e-money contract—but in any case within three The e-money instruction (art. 31) im- business days.23 In contrast to practice poses quantitative limits on e-money elsewhere (e.g., Kenya, Rwanda), the holdings per client: a maximum e-mon- BCEAO e-money instruction does not re- ey balance with a single issuer of 2 mil- quire placement of the funds in a special- lion FCFA (US$3,400) and a maximum ly structured account (trust or escrow) of 10 million FCFA (US$17,000) in to isolate them from claims on the issuer. recharges (topping-up of balance) per In case of the issuer’s bankruptcy, for month across all institutions.26 These example, it appears that the issuer’s ceilings apply to customers and issuers, creditors would be able to assert claims but not to e-money agents or payees against the float funds. (merchants). (The agents and merchants are not responsible for customer compli- Beyond this, the protection of e-money ance with the ceilings.) The instruction float depends on whether deposits are also has provisions on customer identi- insured. Côte d’Ivoire has adopted a de- fication (see Section 5). posit guarantee scheme (based on re- gional standards) that covers individual Issuers: Regulatory 3.3  and business accounts, but not whole- requirements sale deposits by banks, MFIs, or invest- ment companies.24 This scheme is not As a condition for authorization, EMEs yet in operation, nor is it fully clear how must meet an initial paid-up capi- it would treat e-money float. In princi- tal threshold of 300 million FCFA ple, bank deposits by EMEs (including (US$500,000) (e-money instruction, the required proportion of e-money art. 11). MFIs may be authorized to is- float placed in sight deposits) would be sue e-money if the sum of their own covered by the guarantee.25 But it is not funds and the total amount of customer yet clear how e-money float deposits deposits in their books reach this mini- would be treated in practice. Presum- mum threshold of 300 million FCFA at ably, e-money float received and held by the end of the financial year preceding the same FI issuer could be covered by the date of the application for authori- the guarantee, but not funds placed else- zation. The MFIs, banks, and payments where (including another bank or MFI) companies must meet ongoing pruden- by that issuer. In any event, large pooled tial requirements per their licenses and deposits would quickly exceed the de- BCEAO supervision. EMEs must, at all posit guarantee ceiling (per account). times, have equity of at least 3 percent The DFS market would be strength- of outstanding e-money issued (and ened if policy makers in Côte d’Ivoire at least equal to their minimum share (and across WAEMU) could clarify or capital requirement). BCEAO expressly 23 Clients may obtain reimbursement from an agent of the issuer, but responsibility for timely performance rests with the is- suer (art. 35). The issuer’s contract with the client may place conditions on reimbursement, consistent with the instruction. This could in principle (and within reason) require clients to approach specially designated agent(s) for this purpose. 24 Statuts du fonds de garantie des dépôts dans l’Union Monétaire Ouest Africaine (UMOA) 2014, art. 22. 25 EMEs are treated as ordinary businesses depositing money, while FIs and FI-issuers are responsible under their licenses for bearing the risks of any fund placements—and thus are not covered by the guarantee. However, since all these deposits are more like aggregated individual deposits than large-investor deposits, they fit the rationale of the deposit guarantee. 26 E-money instruction, art. 31. Unlike e-money regulations elsewhere, the BCEAO instruction refers not to transactions but to holdings (les avoirs) and recharges of holdings (rechargements). This corresponds most closely to a maximum balance (at any time) and a ceiling on cumulative monthly e-money purchases (hence also expenditures/sales). 10 Regulatory Framework for Digital Financial Services in Côte d’Ivoire reserves the authority to increase the architecture (e-money instruction, Annex required capital for any EME based on I). All issuers are subject to prudential su- its risk assessment. pervision by BCEAO, including inspection and sanctions, and reporting requirements Whereas banks must simply notify (monthly and quarterly, arts. 36–37). Is- BCEAO, MFIs must apply for an e-money suers are further required to provide for authorization—and thus meet the capi- secure and reliable e-money platforms, tal requirement. This could, in some cas- guarantee the integrity and confidentiality es, require them to increase their capital. of information used in their services, and Under the law on MFIs and subsidiary establish satisfactory internal control and regulations,27 there is no fixed minimum risk management systems.29 capital for MFIs—rather, a capitalization formula in which shareholders’ equity 3.4 E-commerce, e-signature or fonds propres net exceeds assets by 15 percent. To become an e-money issuer, an E-money (and DFS, generally) depends MFI must have a minimum of 300 million on the framework for e-transactions. The FCFA in fonds propres net combined with critical component here is the certification total client deposits. Thus, minimum of digital documents (with e-signatures) capital and capital ratios vary from one that have replaced paper documents. MFI to another, and may be more or less There is both national and regional legis- than the e-money license requirement.28 lation in this area, including the 2002 Also, as in the case of EMEs, BCEAO may WAEMU payments regulation30 and more decide to call for increased capital based recently (2013–2014) the Ivoirian legisla- on its assessment of risk. This last point tion on e-transactions and e-signatures.31 fits with the perception that BCEAO has been quite strict in considering e-money The 2002 WAEMU regulation applies by license applications, especially from virtue of the Union’s (and BCEAO’s) pre- MFIs, taking into account factors such as dominant authority over financial ser- overall resources, information systems, vices. Under the regulation (arts. 17–30), and organizational vision. an e-signature certified by a qualified, approved entity has the same validity Authorization and licensing applications as a physical signature (for purposes of require documents such as business payments)—and the certificate need not plans, financial projections, risk manage- be presented when the signature is used, ment approach, and technical systems unless its authenticity is questioned. 27 Loi portant réglementation des systèmes financiers décentralisés; Instruction n° 010-08-2010 relative aux règles prudentielles applicables aux systèmes financiers décentralisés des Etats membres de l’Union Monétaire Ouest Africaine (UMOA); Annexe viii: norme de capitalisation; Instruction n° 005-06-2010 déterminant les éléments constitutifs du dossier de demande d’agrément des systèmes financiers décentralisés dans les états membres de l’Union Monétaire Ouest Africaine (UMOA), art. 4. 28 At the time the current microfinance law was enacted in 2008, the sector followed a mutualist model of financial coopera- tives, federations, and apexes. Minimum capital and capital adequacy were not given a fixed definition across the sector (as in a number other savings and credit cooperative worldwide). The new law and regulations inserted prudential rules aimed at shoring up the cooperatives and accommodating new MFIs based on a corporate model. For the new corporate MFIs, share capital must be fully paid up before approval of the institution’s license (and must be fully subscribed and at least 25 percent paid up before the license application). All MFIs must meet capitalization norms aimed at ensuring solvency. The capitalization formula requires the MFI’s own funds or shareholders’ capital (fonds propres net), broadly defined to include forms of lower-tier capital such as subsidized capital and subordinated debt, to exceed total assets by at least 15 percent. 29 These arrangements are stated explicitly for EMEs. For FI issuers, they are mentioned in the context of their duty to comply with BCEAO prudential requirements (e-money instruction arts. 16, 25). 30 Règlement N° 15/2002/CM/UEMOA relatif aux systèmes de paiement dans les états membres de l’Union Economique et Monétaire Ouest Africaine (UEMOA). 31 Loi no. 2013-546 du 30 juillet 2013 relative aux transactions électroniques; Décret no.2014-106 du 12 mars 2014 fixant les conditions d’établissement et de conservation de l’écrit et de la signature sous forme électronique. 11 Regulatory Framework for Digital Financial Services in Côte d’Ivoire Côte d’Ivoire’s e-transactions law (art. opening are not possible in Côte d’Ivoire 50) places e-commerce under the juris- because paper certificates are required diction of the national telecoms regulator to back e-signatures. This complicates (Autorité de Régulation des Télécommuni- the opening of digital accounts, and cations/TIC de Côte d’Ivoire or ARTCI). The (prospectively) the conclusion of digital law includes provisions on advertising, credit agreements. According to ARTCI, offer and acceptance, contracts, trans- individuals must apply for e-certificates parency of prices, and ID of the seller/ directly (i.e., in person or through an au- provider—its definition of e-commerce thorized representative). It is possible clearly includes DFS. E-documents (and that ARTCI-approved certificates do not e-signatures) that meet security stan- meet the requirements of the 2002 pay- dards have the same legal validity as pa- ments regulation. Such inconsistencies per copies (arts. 23–35).32 would need to be resolved by either interagency agreement or by another The Ivoirian legislation contains pro- appropriate intervention. visions parallel to those of the 2002 WAEMU payments regulation on the According to BCEAO, work is underway form, validity, and certification of to craft revisions to the 2002 payments e-signatures. The 2013 law deals with regulation, including removal of the e-transaction security (arts. 36–39), in- requirement to retain physical signa- cluding e-signatures. The 2014 decree tures (art. 19). Further, regionwide cer- imposes security requirements on e-sig- tification is expected to be provided by natures, for example, exclusive control Système Ouest Africain d’Accréditation by the signatory and protection from (SOAC)—a body established in 2005, manipulation and unauthorized use but not yet operational. (arts. 3–7). An e-signature cannot be accepted unless it is secured by a qual- 3.5 Payments ified e-certificate (arts. 8–12) delivered by ARTCI or an approved provider. The The e-money rules were introduced into contents of these certificates are defined a landscape already shaped by earlier along with procedures and requirements legislation on payment systems. The for approval of the certificate provider.33 utility of e-money as a means of payment raises the question of how it fits with Thus, regional and national regulations existing payments systems. The 2002 each provide in principle for transactions WAEMU payment regulation sets the to be carried out and signatures to be made ground rules here. The regulation puts effective entirely by digital means, once a BCEAO in charge of supervising all pay- certified e-signature is in place. In both in- ment systems (including their security stances, procedures are outlined for signa- and smooth functioning), and it autho- ture certification and for the registration rizes banks, MFIs, the Post, and the Trea- of certification services providers.34 sury to provide payment services.35 The In practice, however, it is reported that 2010 BCEAO instruction classifying non- fully electronic processes for account bank institutions includes a specialized 32 E-commerce documents are to be archived for 10 years (unless there is a provision calling for a shorter period [art. 40]). 33 These provisions are broadly consistent with the UNCITRAL Model Law on Electronic Signatures, but they lack equivalent detail, which could be developed in Côte d’Ivoire in the course of implementation. Additional security for e-data is provided by Loi no. 2013-451 du 19 juin 2013 relative à la lutte contre la cybercriminalité. 34 As BCEAO points out, regional-level legislation (in fields encompassed by regional jurisdiction) prevails over measures adopted at the national level, and thus in principle there is no conflict. In practice, however, there are some inconsistencies. 35 BCEAO’s supervisory role here was further defined in Instruction n°127-07-08 du 9 juillet 2008 fixant les modalités de mise en oeuvre de la surveillance par la BCEAO des systèmes de paiement dans les Etats membres de l’UEMOA. 12 Regulatory Framework for Digital Financial Services in Côte d’Ivoire BOX 2.  WAEMU Payment and Settlement Systemsa The main systems for digital transfers and settlements in WAEMU are GIM-UEMOA, SICA-UEMOA, and STAR-UEMOA. GIM-UEMOA is a unique ATM and POS switch for card payments across UEMOA. SICA-UEMOA is the automated retail payments exchange and settlement system. It handles transfers of up to 50 million FCFA (US$85,000). Settlement of payments through SICA-UEMOA and GIM-UEMOA are linked to a deferred settlement arrangement under STAR-UEMOA, the whole- sale payments system that handles amounts above the SICA-UEMOA limit. SICA-UEMOA comprises nine settlement systems (a regional system and one for each WAEMU member). STAR-UEMOA essentially handles interbank transfers, set- tlement of securities transactions (for liquidity purposes), and others in real time, along with (delayed) wholesale settlement for SICA-UEMOA and GIM-UEMOA. BCEAO supervises STAR-UEMOA and SICA-UEMOA, and it owns a majority share in GIM-UEMOA. Membership in these payment systems is limited to BCEAO, banks, NBFIs (STAR-UEMOA), and treasury and postal authorities (SICA-UEMOA). (Per-transaction commissions are set at 100 FCFA for SICA-UEMOA and 150–420 FCFA for STAR-UEMOA, depending on timing and volume.) a. World Bank, Diagnostic des paiements de détail et stratégie pour développer leur utilisation dans l’UEMOA, draft report, October 2014; BCEAO website. category of companies authorized to increasingly electronic. In addition, the provide payment services. Other NBFIs Post is authorized to serve as an agent may also provide such services with pri- for e-money services (see Section 4). or authorization from BCEAO.36 It has sought to market its products in partnership with commercial entities, Payment methods covered by the 2002 for example, teaming with Western regulation include (in addition to ne- Union on international transfers and gotiable instruments) e-transfers, bank with BHCI bank on a prepaid card and cards (ATM and payment cards), and e-wallet smartphone app. prepaid cards.37 The regulation requires participants in payment systems to The payments regulation does not dif- abide by the rules set by each system, ferentiate between wholesale and retail and it sets general standards for reliabil- payments. The bank-based payment ity, security, and enforcement of e-trans- systems account for most large-volume actions (later strengthened in Côte and bulk payments (as well as much d’Ivoire by the 2013 e-commerce leg- of the retail payments traffic). In prac- islation). Payment services offered by tice, the e-money system is focused on the Post also come within the purview small-value, low-volume transactions. of BCEAO, under the 2002 payments Payments made by means of e-money regulation. Côte d’Ivoire’s postal legis- are covered by the regional payments lation38 provides for issuance of money legislation, and so are subject to the orders (mandats)—fund transfers that rules of the relevant payment systems. were traditionally sent by mail but are (See Box 2.) 36 Instruction N° 011-12/2010/RB, arts. 8, 9.  37 A prepaid card is (somewhat confusingly) designated in the regulation as a porte-monnaie électronique. 38 Loi no. 2013-702 du 10 octobre 2013 portant Code des Postes. 13 Regulatory Framework for Digital Financial Services in Côte d’Ivoire We could describe the payments and payments ecosystem so that its dif- e-money systems in WAEMU as a se- ferent participants can play together ries of loops that are largely closed on the same level playing field. Recent and not interoperable. BCEAO is re- studies have advocated such a reform to sponsible for supervising them and harmonize the various systems (World ensuring security, but there has yet Bank 2014). This is discussed further in to be a strong push to rationalize this Section 7. 14 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 4. USE OF AGENTS Widespread access to agents that oper- ■■ Permitted to use banking agents ate under appropriate safeguards is also (intermediaries/IOBs)42 under re- critical to DFS, and to financial inclusion, strictive conditions defined in a 2010 generally. For simplicity, we use the term BCEAO instruction: Banks. “agent” to refer to a third party acting as a primary, retail-level, or subcontracted 4.1 E-money representative or distributor for DFS or banking services. Authorizing the use of The e-money instruction (arts. 2, 17) agents opens up the possibility of broad provides for a two-tier system of prima- distribution networks. The regulatory ry agents and subagents. Those permit- framework in WAEMU enables finan- ted to serve as primary agents are re- cial services providers to use agents for tailers and other businesses (registered e-money and rapid (OTC) fund transfers, companies or individuals) as well as but it is more restrictive with respect to MFIs, the Post, and other NBFIs. These agent banking. (See Table 2A for a syn- agents may then outsource to subagents, opsis of key rules on the use of agents.) who must be registered businesses (in- The scope for use of agents by different cluding individuals and companies). The organizations in this field is approxi- qualifications of agents and subagents mately as follows: are not specified in the instruction, be- yond those just mentioned.43 ■■ Permitted to use primary agents (distributors) and retail agents (sub- As for services that can be outsourced agents)39 for e-money services, un- to agents, these come under the heading der the 2015 e-money instruction: of marketing and supply of services re- Banks, payments companies, MFIs, lated to e-money (e-money instruction, and EMEs (including MNOs). art. 17), and include signing up clients to e-money accounts (i.e., processing appli- ■■ Permitted to use retail agents (sub- cations on behalf of the issuer44), cash-in agents)40 for OTC transfers under and cash-out, and payment services.45 the 2015 rapid fund transfers regu- Exclusive agency agreements (i.e., those lation: Banks, payments companies that require an agent to serve a single is- and other NBFIs, and MFIs. suer exclusively) are prohibited. ■■ Not legally empowered but may be The issuer (principal) remains legally re- permitted by BCEAO on an excep- sponsible to its clients and third parties tional basis to use agents for micro- for all of the services contracted out to finance services, under the MFI law its primary agents (e-money instruction, and recent BCEAO practice: MFIs.41 arts. 2, 17–18, 25). Among the duties of 39 Called distributeurs and sous-distributeurs. 40 Called sous-agents. 41 BCEAO reports that it received a request to this effect from Microcred Côte d’Ivoire in 2016, but that it is still considering the matter and has not issued a formal decision to authorize or prohibit agents in this case. 42 This is “agent banking” or providing core banking services such as savings and credit through an agent. Regulations on e-money and rapid transfers permit banks to use ordinary (not IOB) agents for the limited purpose of providing those par- ticular services. 43 As noted in Section 3, partners are in a different category. They may only supply or operate technology solutions, and are otherwise not permitted to participate in e-money issuance (e-money instruction, art. 4). 44 “La souscription des contrats d’utilisation [user agreements] avec la clientèle.” 45 Also, the payments regulation of 2002 (art. 1) supports the use of intermediaries in payments systems. 15 Regulatory Framework for Digital Financial Services in Côte d’Ivoire TABLE 2.  Rules on agents in DFS Regulatory features WAEMU provisions Who may use Banks, payments companies, MFIs, and EMEs (including MNOs) agents, for what permitted to use agents and subagents for e-money services. purpose Banks and MFIs are permitted to use (sub-) agents for rapid fund transfers. Permissibility of using agents for ordinary banking services is limited for banks, and unclear for MFIs. Banks may use agents (IOBs) under restrictive conditions. BCEAO has in effect allowed an MFI in one case to use agents for microfinance services (regulation does not expressly permit). Who may be an E-money agents may be MFIs, NBFIs (including the Post), and agent: eligibility registered businesses (individuals or firms)—the last group may also be subagents for e-money and rapid transfer. Qualifications of agents and subagents are not spelled out in DFS legislation. Any fit-and-proper standards would be imposed by the agent’s charter or registration. Liability of DFS E-money issuers are legally responsible to their clients and provider for agents third parties for their agents. Issuers’ responsibilities includes the ­reliability, security, confidentiality, and traceability of ­ transactions conducted on their behalf by the agents. The same is true for rapid transfer services provided by agents. Risk assessment E-money issuers must ensure that their agents have appropriate procedures for internal control, accounting, and risk management procedures provider to use and manuals. Agents must have sufficient liquidity to meet agent channel the needs of e-money holders/clients, and must ensure the traceability of transactions. All issuers must send BCEAO descriptions of the risk management arrangements they have in place—in particular, those dealing with agent liquidity. For rapid transfer, the agency agreement must specify that the agent acts under the comprehensive responsibility of the principal, though due diligence procedures are not spelled out. The principals using agents for transfer services must be banks or MFIs. Permitted and E-money services that can be outsourced to agents include prohibited activities the signing of user agreements with clients, cash-in and cash- for banking and non- out, and payment services. Transfer (sub-) agents are limited to banking agents sending and receiving transfers and related cash handling, but may not carry out any other banking function such as deposit collection (except if the agent is an MFI). Banking agents (IOBs) provide core banking services under restrictive conditions, and under the banks’ supervision and liability. General reporting E-money issuers must report to BCEAO the current list of requirements to the agents, and the risk mitigation measures in place in its agent supervisor network, including governance and liquidity risks. Transfer agents’ principal institutions must send BCEAO annual updated lists of agents, a copy of the model agency contract being used, and monthly reports on transfer operations by their agents. Banking agents (IOBs) must submit periodic reports to BCEAO on the nature and volume of their business. Exclusivity Contracts binding an e-money agent exclusively to a single issuer are prohibited. The same rule applies to transfer subagents and their principals. No such rule for IOBs but an IOB can operate for several banks. 16 Regulatory Framework for Digital Financial Services in Côte d’Ivoire the agent, for which the issuer is ulti- issuers, have an existing financial ser- mately responsible, are the following: vices license. The e-money rules (art. 37) grant BCEAO the authority to inspect ■■ Conducting the necessary due dili- EMEs along with their e-money agents gence on clients and providing for and technical services providers— the security of all its transactions.46 bringing in other regulatory authorities as needed. Further, EMEs are expressly ■■ Ensuring the confidentiality and required to have appropriate internal traceability of the transactions they control, accounting, and risk manage- handle. ment procedures and manuals—and to ■■ Having sufficient liquidity to meet the ensure that their agents do as well.47 needs of e-money holders/clients (arts. 17–18, 25). 4.2 Transfers ■■ Informing the public (by posting and In addition, a BCEAO instruction48 au- other means) of the identity and con- thorizes banks, NBFIs, and MFIs to tacts of the issuers they represent. provide rapid fund transfers—i.e., over- ­ the-counter (OTC) transactions—by Agents are also required to report activi- means of retail agents (sous-agents). The ties raising suspicion of money launder- “OTC” designation is used in a variety of ing to the issuer, who is responsible for ways across different markets. One defi- any further steps in this regard (art. 26, nition of transactions as OTC is simply see Section 5). that “at least one end of the transac- Thus, issuers bear primary responsibili- tion is conducted without involving the ty for supervising their agent networks, wallet of the user—either the sender with BCEAO playing a higher-level over- or the receiver.”49 The BCEAO instruc- sight and inspection role. All issuers tion defines the relevant transactions must send BCEAO updated lists of their real-time transfers (within U as ­ ­ EMOA50) agents on a regular basis (as part of performed OTC at an authorized provid- regular monthly and quarterly report- er or agent, and not involving any bank ing), along with descriptions of the risk e-money account (of either the send- or ­ management arrangements they have in ­ ecipient). er or r place—particularly those dealing with agent liquidity. There is no requirement The instruction sets a number of con- of prior approval by the regulator. How- ditions for use of rapid transfer agents. ever, BCEAO may check the legal compli- The agents (OTC providers) act under ance of agency arrangements ex post. the comprehensive responsibility of the principal (FI) and for the principal’s ac- A few additional rules apply to the count. Agents have a role in customer EMEs—which do not, unlike the other due diligence similar to that of e-money 46 Primary agents execute contracts with clients on behalf of the principal. Subagents, in turn, sign contracts on behalf of the primary agents who hire them, and under the overall responsibility of the issuer. 47 These rules appear aimed at bringing EMEs under the same oversight as FIs acting as issuers. 48 Instruction N° 013–11–2015 relative aux modalités d’exercice de l’activité de transfert rapide d’argent en qualité de sous-agent au sein de l’Union Monétaire Ouest Africaine. 49 “OTC transactions . . . come in many forms in different markets—from the direct deposit by the agent into the end-user’s wallet in Kenya to the transfer of money from one agent to another agent, with or without identification, in Pakistan and Bangladesh respectively” (Wright 2014). 50 Movement of funds to countries outside the region is restricted to institutions such as the Post, change bureaus, and others approved under Règlement R09/2010/CM/UEMOA du 1er octobre 2010 relatif aux relations financières extérieures des Etats membres de l’UEMOA, art. 2. 17 Regulatory Framework for Digital Financial Services in Côte d’Ivoire agents. The principal institution is pri- to fit-and-proper standards, a required marily responsible for ensuring that its financial guarantee (by a principal agents comply with the transfer rules, bank52), and regular reporting. Banks but BCEAO has discretion to inspect the are responsible for direct supervision agents directly. Agents are not subject of IOBs and for maintaining an updated to prior approval, but their principal list of IOBs with the central bank. Tech- institutions must send BCEAO (and the nical, operational, and governance stan- Banking Commission and Ministry of dards for IOBs are not spelled out in the Finance) annual updated lists of agents, BCEAO instruction. (They are presum- a copy of the model agency contract be- ably defined in the agency agreement ing used, and monthly reports on trans- with the principal bank and the terms fer operations by their agents. Exclusive of approval by the Ministry and central agencies are prohibited, as in the case bank.) of e-money agents. Lastly, rapid transfer agents are not allowed to collect funds World Bank (2016) concludes that this for reasons other than OTC transfer (e.g., structure is not at all well-designed to deposits)—unless the agent is an MFI. support agent banking in the DFS con- text, especially since it makes the estab- FIs and EMEs, among others, have lishment of large agent networks costly expressed concern about low-cost and difficult. Indeed, the IOB model competition from OTC providers and (originally derived from French com- the relatively light regulation to which mercial law) did not come into being the latter are subject. However, given as an instrument for expanding finan- the lower risk profile of transfers as cial inclusion. It is a business niche compared to other forms of DFS, such as for a “middle man” (intermédiaire) e-money, a lesser regulatory burden and operating within the traditional bank- lower costs are to be expected. The OTC ing sector and on its (her/his) own framework appears to make a valuable account—comparable to an insurance alternative available to DFS customers. agency. The procedures involved in setting up an IOB, including the re- 4.3 Agent banking quirement of a guarantee, encourage the banks to have fewer (more finan- Beyond e-money and OTC transfers, the cially solid) IOBs rather more small scope for using agents is less clear. Agent outlets. Thus, from the introduction of banking has proven difficult. The rules the rules in 2010 until early 2016, only are highly restrictive for banks, and five IOBs were approved and registered there is no explicit framework for MFIs. by BCEAO in the region. Further, in con- Banks are authorized to use Intermédi- trast to the e-money instruction, the IOB aires en Opérations de Banque (IOB), a instruction is silent on whether IOBs can type of agent, by the banking law (art. contract out functions to subagents. In 105) and a 2010 BCEAO instruction.51 the context, this silence is to be under- This instruction requires each prospec- stood as a negative. IOBs, then, cannot tive IOB to obtain separate, prior ap- subcontract, but in practice they do have proval from the Ministry of Finance on multiple outlets (branches and satellite the advice of BCEAO. Each IOB is subject offices).53 51 Instruction N° 015-12/2010/RB fixant les conditions d’exercice des activités d’intermédiaires en opérations de banque. 52 E.g., for an IOB handling bank deposits, the required guarantee (or insurance policy) is approximately US$26,000. 53 Branches and satellite offices are captured in the term agence used several times in the banking law (e.g., arts. 15, 25)—i.e., they are not legal agents but service points staffed by the bank. 18 Regulatory Framework for Digital Financial Services in Côte d’Ivoire For MFIs, the issue of providing credit and for MFI agent services are not defined savings services through agents is not in the legislation. In practice, BCEAO has addressed directly. The microfinance law authority to permit MFIs to use agents (art. 36) is silent on the use of agents but for core financial services on a case-by- recognizes that the MFIs have discretion case basis. The central bank recently al- to enter arrangements to better serve lowed an MFI (Microcred) to launch an their clients. Conditions and standards agent banking pilot in Senegal.54 54 As noted, BCEAO has not made a formal determination, nor has it halted the pilot. It is not clear what conditions apply to agents operating under this pilot. Microcred’s agents network concept is briefly described at http://www.microcredgroup.com/fr/ solutions/innovation-et-technologie/b/60-87- 19 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 5. CUSTOMER IDENTIFICATION Expanding access to DFS requires secure presented and what additional informa- methods of identifying clients. A propor- tion is to be collected for KYC purposes. tionate approach that calibrates such The system of official ID documentation safeguards based on risk is also needed. itself, by contrast, is a matter of national The issue of identification arises partic- policy. In Côte d’Ivoire, recent efforts by ularly in the context of policies on AML/ the government have resulted in some CFT (see Box 3). 70 percent of the Ivoirian population (as of mid-2016) having official IDs. Anti-money laundering legislation poses Further, the National Office for Identifi- the challenge of balancing safety against fi- cation is in the process of establishing a nancial inclusion in the design of KYC rules comprehensive digital identifier system and procedures. In light of this, the policies as part of an overall reform of civil status and systems for ID documentation and and identity records.55 then the KYC requirements applied to DFS customers are addressed in the following. The Ivoirian telecoms regulator, ARTCI, sets the rules for identifying customers 5.1 Identity documentation who wish to obtain SIM cards, internet subscriptions, and other forms of digital In the financial system, BCEAO regu- access. Starting in 2009, ARTCI sought lations determine when ID must be to identify all users of prepaid SIM cards BOX 3.  AML/CFT legislation in WAEMUa A 2015 WAEMU directive provides anti-money laundering safeguards for the financial sector and for a wide range of actors involved in relevant activities. The list of entities covered includes banks, MFIs, e-money issuers, payments and trans- fers companies, commercial and consumer credit providers, and agents that pro- vide financial services. The directive uses the following term for agents: les appor- teurs d’affaires aux institutions financières. Also, professionals such as accountants, auditors, lawyers, and notaries are included for most purposes (art 5). Each WAEMU member state is to maintain a financial intelligence unit (FIU) under Ministry of Finance supervision but with financial and operational autonomy. The FIU (Cellule Nationale de Traitement des Informations Financières or CENTIF) is charged with collecting, analyzing, and sharing information on sources of funding flows reported in mandatory filings and related AML/CFT issues (arts. 59–60). Member states are to have supportive legislation (Côte d’Ivoire enacted a law in this field in 2005). Côte d’Ivoire is making efforts to meet international standards in this area. It is not a member of the Financial Action Task Force (FATF), but it does lead the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA). The latter, a network of FIUs within WAEMU, coordinates institutional reforms to strengthen AML/CFT in the region. a. Directive N° 02 /2015/CM/UEMOA du 2 juillet 2015 relative à la lutte contre le blanchiment de capitaux et le financement du terrorisme dans les états membres de l’Union Economique et Monétaire Ouest Africaine (UEMOA). This is supported by a parallel enactment of the Council of Ministers of UMOA: Décision N° 26/CM/ UMOA du 2 Juillet 2015. 55 ARTCI Bulletin de Veille Electronique, 1er trimestre 2016, identifiant unique en Côte d’Ivoire. 20 Regulatory Framework for Digital Financial Services in Côte d’Ivoire and to compile a database of all mobile undertaken a review of these ID require- services customers.56 The ID requirement ments, which are expected to be tight- was formalized in a 2011 decree that pro- ened further. The financial sector has its hibits the sale of prepaid SIM cards and own, mainly regional, standards for cus- the activation of any SIM card without pri- tomer ID. or customer ID.57 Mobile phone and inter- net services providers must check a valid 5.2 Know Your Customer form of ID from every individual custom- er and record her/his full name, place and This section addresses customer ID re- date of birth, address (postal and physi- quirements relevant to DFS. The adjust- cal), phone number, occupation, and de- ment or tiering of these requirements to tails of ID document (this information is accommodate financial inclusion is dis- not available from a central database).58 cussed in the next section. Acceptable forms of ID must have a photo and may include national ID cards, pass- KYC procedures are spelled out in the ports, driver’s licenses, refugee cards, and 2015 WAEMU directive on money laun- professional or student IDs. Copies of re- dering.61 Before any business is trans- cords and ID are to be kept for three years. acted, all covered entities must identify their clients—both individuals and or- Côte d’Ivoire’s telecoms ordinance af- ganizations. This means obtaining the firms these requirements for all oper- client’s full name, place and date of birth, ators and providers of telephone and and primary address, and verifying internet services. It requires the same these by checking a valid “official docu- of any third-party agents involved in ment” with a photograph (to be copied) signing up customers; it places a corre- and documented proof of address. In ad- sponding duty on subscribers.59 Services dition, merchants must present a copy providers/operators are also required of their business registration. to report their numbers of subscribers, monthly, to ARTCI.60 Under the AML/CFT directive, ID in- formation is to be collected at various Thus, two tendencies are at work here. points of the business relationship and On the one hand, Côte d’Ivoire is in the retained. This applies to the opening of process of expanding its ID system to accounts, fund transfers, and establish- provide something akin to universal ment of a business relationship. Full or coverage. This will relieve a constraint enhanced KYC is required when there that traditionally excluded large por- are frequent cash transactions or when tions of the population from access there is any suspicion of money launder- to financial services. In parallel, ID ing, terrorism financing, or use of false requirements for access to mobile documentation. Covered entities must phones and other digital informa- continuously collect and update speci- tion channels are becoming stricter fied client information for the duration and more uniform. Indeed, ARTCI has of the business relationship. Additional 56 La Lettre de l’ARTCI, July 2010, http://www.artci.ci/. 57 Décret no. 2011-476 du 21 décembre 2011 portant identification des abonnés des services de télécommunications ouverts au public. The requirement was carried over into the 2012 telecoms ordinance. 58 A person applying for a subscription on behalf of another person must present the original IDs of both. 59 Ordonnance no. 2012/293 Relative aux Télécommunications et aux Technologies de l’Information et de la Communication, arts. 163, 166. Acceptable forms of ID are listed in a separate decree. 60 World Bank, IOBs (2016). ARTCI is also reported to be drafting a revised version of the ID decree. 61 Arts. 18–29, 32–33, 40. 21 Regulatory Framework for Digital Financial Services in Côte d’Ivoire AML/CFT precautions are to be taken client ID and oversight while retaining in the case of most e-transfers. Here, FIs ultimate responsibility for these obli- must, in addition to obtaining and veri- gations (arts. 56–58). Agents must be fying the information mentioned, record covered entities or relevant profession- any FI and account number being used als (e.g., accountants, lawyers) based in for the transfer and include the client’s WAEMU, or others approved by BCEAO. identifying information in the message The agent must promptly make the cli- accompanying the transfer. Extra pre- ent ID information available to the prin- cautions are also required for many cipal FI, which can then share it with transactions by occasional clients (i.e., partner institutions in WAEMU or else- above a threshold of 10 million FCFA where with equivalent protections for [US$17,000] or where the client is not client data. physically present).62 Anonymous ac- counts or those under assumed names As for internal corporate safeguards, are prohibited. all covered institutions are required to train their personnel and establish The 2015 BCEAO instructions on e-money control systems—including centralized and rapid funds transfers stipulate that information systems and responsibility services providers addressed by those and procedures for treatment of suspect instruments must identify their clients and transactions—to ensure compliance that these providers are subject to regu- with AML/CFT obligations (arts. 23– lations in effect dealing with AML/CFT. 25). Additional internal controls are re- The rapid transfer/OTC providers must quired for FIs, to be further specified by comply with the KYC ID requirements and regulation (arts. 35, 90–91). These must the provisions on transactions thresh- include risk classification systems based olds (rapid transfer instruction, art. 5).63 on factors such as types of services and E-money issuers are required to identify clients, monitoring and audit proce- new clients by means of an “official docu- dures to deal with risk, and appropriate ment” (art. 27), subject to a limited excep- standards for personnel recruitment. tion (see Section 5.3). The issuers must Risk assessment and management pro- supervise their agents and subagents and cedures are to be specified and applied ensure that there are security and monitor- within the FI and its branches and affili- ing provisions sufficient to meet standards ates. Client ID documentation must be in the AML/CFT regulations (e-money preserved for 10 years from the end of instruction, arts. 18, 26). The agents have the relationship or transaction. a duty to inform their principal issuers of any e-money dealings that are suspected of In the absence of appropriate tiers or having links to money laundering (which exceptions, the rules just discussed the issuers are then to report to CENTIF). would be disproportionate to the risks involved in small transactions. The The AML/CFT directive addresses two rules would also tend to exclude low-­ further issues that are relevant in the DFS income persons who may not be able context—use of agents and required in- to meet the ID requirement (although ternal safeguards. On the first point, cov- this is becoming less of a problem with ered entities are permitted to outsource improvements to the ID system). 62 Added precautions are required for certain international transactions and where there is an effort to protect anonymity. 63 Transfers are also subject to the banking law, the regulation on international financial relations (09/2010/CM/UEMOA), and the earlier AML/CFT directive (Directive n°07/2002/CM/UEMOA du 19 septembre 2002 relative à la lutte contre le blan- chiment de capitaux et le financement du terrorisme (LBC/FT) dans les Etats membres de l’UEMOA). 22 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 5.3 KYC tiering Electronic transfers by FIs on behalf of clients are, in principle, subject to less Striking the right balance in KYC re- stringent requirements (art. 33).65 The quirements means taking a risk-based institution is required to record and approach in which standards are gradu- verify the client’s full name and either ated or tiered to accommodate financial the client’s address, national ID number, inclusion. The 2015 WAEMU directive or date and place of birth (in addition to on AML/CFT provides some risk-based the account number, if available). The accommodation in the form of lighter-­ numbers of any accounts used by the touch KYC, but does not create KYC sender or recipient are also to be record- tiers.64 The directive only varies the way ed. These requirements do not apply in which ID requirements are applied where an e-funds transfer is made with rather than providing exceptions for cli- a credit or debit card or by mobile tele- ents without official ID documents. phone, provided the transfer is for the purpose of paying for goods or services Thus, for example, where the risk of and the card or phone number is includ- money laundering is low (this is to be ed in all relevant transfer messages.66 spelled out in regulations not yet is- In any case, these provisions deal with sued), client ID can be carried out during transaction-specific checks to be carried the establishment of the business re- out in addition to the ID steps required lationship rather than fully in advance. by arts. 27–29 of the AML/CFT directive. Also, the continual oversight and updat- ing of client information in the course E-money issuers, as mentioned, are re- of the business relationship can be re- quired under the 2015 e-money instruc- duced in intensity if AML/CFT risks are tion to identify new clients by means of low. These oversight and updating pro- an “official document.” The instruction cedures can be dropped altogether for permits the issuer to make an exception certain small transactions by FIs, listed for customers engaged in small e-money companies, and government agencies. transactions (up to 200,000 FCFA [US$340] of e-money per month, per cus- Covered entities, moreover, can be per- tomer). However, in the case of mobile mitted by regulation (defining the rele- money, those customers would already vant circumstances and categories of have had to undergo an ID process to ob- institutions) to forego identifying a cli- tain SIM cards. Further, the WAEMU direc- ent and/or beneficiary of online pay- tive on AML/CFT, which takes precedence ment services when they determine over the BCEAO e-money instruction, that risk is absent (arts. 46–48). This ap- does not authorize an ID exception for plies where the client’s funds originate small transactions (although other limited from an account opened under her/his carve-outs are permitted, as mentioned). name at an FI based in WAEMU, or an- other country with equivalent AML/CFT Overall, the KYC provisions that accom- safeguards, and the funds are being sent modate low-risk clients and transac- to an account that meets comparable tions are not of the type that advance standards. The transfer may not exceed financial inclusion. In its specific appli- 150,000 FCFA (US$255), and the client’s cation to e-money issuers, the AML/CFT transaction total for the year may not ex- directive in effect nullifies the excep- ceed 1.6 million FCFA (US$2,700). tion for small e-money transactions. 64 Arts. 19, 20, 29, 33, 46–48. 65 This refers to a virement électronique or transfer between accounts at different FIs (AML/CFT directive art. 1). 66 Also exempt are transfers between FIs for their own account and payments to government. 23 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 6. CONSUMER PROTECTION As with financial services generally and this area but does not have the techni- especially in the context of reaching the cal expertise (or the interest) to regu- unbanked, the sound development of late financial services. At least for now, DFS hinges, to a large extent, on appro- the main protections for DFS clients in priate protection of consumers. Because Côte d’Ivoire are those contained in the consumer risks are heightened in this legal-regulatory provisions on financial context well-designed protections are services (regional) and e-transactions needed. Three critical components of this (national). The new consumer legislation have already been mentioned: the safe- in Côte d’Ivoire should offer additional guarding of client funds, the regulation protections and oversight, but it has not and oversight of agents, and security of been implemented yet. (See Table 3 for an e-signatures and e-commerce channels. overview of DFS consumer protections.) There remain three further important elements: (i) fair and transparent dealing, 6.1 Transparency and conditions (ii) channels for consumer complaints, of services and (iii) treatment of client data. In the WAEMU region, consumer protec- Initiating a DFS transaction or relation- tion is treated generally as a matter of ship raises issues of account opening and national jurisdiction, while financial ser- transparency of terms. What information vices and the rules protecting clients in must be disclosed to the consumer at that context are defined at the regional the time of opening an account or mak- level (WAEMU/BCEAO). Commentators ing a one-off payment or transfer? The in Côte d’Ivoire have lamented the lack 2015 e-money instruction (arts. 29–30) of an effective consumer law framework requires a signed contract between the (Issa-Sayegh 2003). However, this is issuer and customer for purposes of changing as protections are written into opening an e-money account.68 But there competition and financial regulations, is no requirement to provide a copy of and as Côte d’Ivoire moves toward imple- the contract to the consumer, and dis- mentation of new consumer legislation. cussions with customers in the region In January 2017, Côte d’Ivoire adopted indicate that this has caused problems. a new law on consumer protection (Loi Mandatory provisions include disclosure ivoirienne n° 2016-412 du 15 juin 2016 sur of the limits, risks, and caution required la consommation) that includes a chapter in using e-money and the procedures in on financial consumer protection (FCP).67 case of fraud, loss, and claims for reim- bursement. The issuer is also required While this is a positive step, best-practice to make its fee schedule easily accessible jurisdictions generally place FCP issues to all customers. In practice, however, under the authority of the banking su- the effect of this protection is limited be- pervisor or another agency specializing cause the customer is not entitled to a in financial services. Gaps and problems copy of the schedule and does not receive arise in some countries (e.g., Zambia a “prompt” with the relevant fee before [World Bank 2012]) where the gener- a transaction is executed. The e-money al consumer regulator has authority in instruction mandates the issuance of an 67 See the latest draft version available on the Ministry website (http://www.commerce.gouv.ci/commerce/userfiles/file/ Loi_relative_a_la_consommation.pdf); BCEAO comments. 68 The instruction appears to accommodate either physical or e-signatures, but in current practice BCEAO requires hard copy. 24 Regulatory Framework for Digital Financial Services in Côte d’Ivoire TABLE 3.  DFS consumer protection Regulatory WAEMU and Côte d’Ivoire provisions features (WAEMU rules apply unless otherwise stated) Consumer A patchwork of consumer protection rules applies to DFS. E-money, protection banking, microfinance, payments, and e-commerce legislation (Côte rules for DFS d’Ivoire) provide some protections for DFS consumers. New consumer legislation (2017) in Côte d’Ivoire may prove helpful. Information on WAEMU: E-money issuers to make their fee schedules easily all costs and accessible to all customers, and e-money agreements to state the fees conditions for use of the e-money-related services being provided. Rapid funds transfers agents to post their tariffs at teller windows. For payment services, conditions for the use of instruments and accounts to be clearly explained to the customer at the time the account is opened and incorporated in the agreement. MFI law requires transparency in fee arrangements. Côte d’Ivoire: E-commerce law provides standards on advertising, offers, contract provisions, transparency of prices (including fees and taxes), and disclosure of identifying information on the seller of goods and services. The new consumer law would strengthen these protections. Contracts, WAEMU: Signed contract required between the issuer and cus- transparency, tomer for opening an e-money account. Application for e-money provisions authorization requires a copy of the draft contract with customers. Agreements must address points such as the respective obligations of the issuer and client, limits and risks of using e-money, proce- dures in case of fraud or loss. For payment services, conditions for use of instruments and accounts to be clearly explained and incor- porated explicitly in a written agreement. Côte d’Ivoire: For e-commerce, contractual provisions and proce- dures for acceptance are to be spelled out clearly. Electronic means of contracting may be used in the case of a consumer, provided the latter accepts this mode of communication. Complaint E-money issuers are required to set up forums for complaint handling handling, for both clients and their counterpart e-money acceptors. These systems must be accessible by multiple communication channels at all times, establish deadlines for resolution of claims, and track all complaints received and addressed. But the instruction does not provide for uniform procedures or minimum standards. (Other regulations, including on rapid transfers, are silent on this.) Observatoire now being set up in Côte d’Ivoire will provide mediation services and comparative analysis. Information E-money issuers to ensure that their agents post visible, legible requirements information that provides information such as name and contacts for agents for the principal issuer. Duty of issuers to make fee schedules easily accessible to all customers applies by implication to agents. Rapid funds transfer agents to include the logo of their principal FIs on their signage and to post tariffs at teller windows. (Continued) 25 Regulatory Framework for Digital Financial Services in Côte d’Ivoire TABLE 3.  DFS consumer protection (Continued) Regulatory WAEMU and Côte d’Ivoire provisions features (WAEMU rules apply unless otherwise stated) Agent fraud The e-money instruction requires agents to ensure the traceability of transactions and to keep an operational journal that includes any fraud uncovered and any complaints from clients. Issuers are required to have appropriate internal control and risk management procedures—and to ensure that their agents do as well. Banks and MFIs are legally responsible for acts of their rapid transfer agents, although fraud is not explicitly addressed. Mandate of E-money and payments rules include standards on prompt high-quality crediting of transfers and reimbursement of e-money counterpart performance funds, irrevocability of electronic orders, and providing account statements to customers. E-money digital platform must be easily available and highly reliable. Payment services customers have the right to a minimum standard of service, including access to secure means of making and receiving payments and transfers. Data sharing WAEMU: The e-money instruction requires issuers to protect and data clients’ personal data in accordance with national and regional authorization legislation. Banking and MFI laws impose a duty of confidentiality procedures on staff, management, and auditors of these institutions. Recent legislation on credit information bureaus contains further provisions on handling of client data in financial transactions. Côte d’Ivoire: Personal data protection legislation requires prior consent for collection and handling of personal data. Entities that handle, store, or transmit personal data must be authorized by ARTCI. Telecom legislation requires services providers to protect personal data and confidentiality of communications. e-receipt for all transactions and specifies of the account, including quarterly state- the details to be included in it (art. 30).69 ments. The regulation defines the interval between the arrival of a payment order The 2002 payments regulation sets forth and the crediting of the beneficiary’s ac- certain additional consumer rights and count.70 It also stipulates that payments protections (arts. 8, 10, 14, 15, 142). The orders are irrevocable, but can be with- conditions for the use of payments in- drawn in case of fraud (based on the cli- struments and accounts must be clearly ent’s appeal, including by telephone). explained to the customer at the time the Licensed payments companies and other account is opened, and must be incor- providers of such services, including the porated clearly in a written agreement. Post, are subject to these rules. 71 Customers have the right to a minimum standard of service, including access to Standardization of these e-money and secure means of making and receiving payments contracts, however, is not payments and transfers, and management practiced or required. This can make 69 The following are to be recorded: reference number and time of the transaction, type of service, issuer name, registration of agent/subagent, identity of recipient, and amount of transaction and fee. 70 A maximum of five days, including preparation, settlement, and float periods. 71 As mentioned, the lack of clear definitions of accounts and services can undercut these FCP protections in practice. Without standard definitions, providers designate services at their discretion, making it difficult for customers to compare terms. 26 Regulatory Framework for Digital Financial Services in Côte d’Ivoire comparison unduly difficult. Nor is there transparency of prices (including fees any requirement regarding format (e.g., and taxes), and disclosure of identifying length or font requirements) or language information on the seller of the goods (e.g., plain language or local language). and services. The law’s provisions on ac- Results of a customer poll indicate that ceptance of electronic offers require that this is a problem. A concern of special contractual provisions and procedures relevance to DFS is the application of for acceptance be spelled out clearly. Elec- consumer protections to agents. Among tronic means of contracting may be used financial services legislation, only the in the case of a consumer, provided the e-money and rapid transfer instructions consumer accepts this mode of commu- have provisions dealing to any extent nication. E-document security, archiving, with this. The e-money instruction (art. and other matters are also covered.73 18) requires issuers to ensure that their agents post visible, legible information As mentioned, a consumer law has been that includes name and contacts for the enacted in Côte d’Ivoire. The Commission principal issuer, for example. created by the law is to have units deal- ing with abusive agreements, consumer It also holds issuers legally responsible protection and security, and over-indebt- to clients and other third parties for the edness. Specific rules on consumer and agent’s performance of delegated ser- housing finance deal with effective inter- vices (notwithstanding any agreement est rates, over-indebtedness, collection, to the contrary), as well as for the in- and other issues. The law also sets up a tegrity and traceability of transactions credit registry under BCEAO manage- conducted by agents. Here again, the ment to record and share consumer credit Post comes under these rules when data (incidents de paiement, i.e., negative acting as an agent for e-money issuers. information) with credit institutions. Similarly, the rapid transfers instruction (arts. 6, 9) requires agents to display 6.2 Complaint channels information on their principals and to ensure the agents’ compliance with the Pending implementation of the consum- instruction and other regulations. These er protection law, and the commission OTC providers are to include the logo of provided therein, FCP complaints are the FIs they serve on their signage and addressed in explicit terms only in the post their tariffs at the teller windows. e-money instruction (art. 30). There, issuers are required to set up forums Other basic consumer provisions appear for complaint handling, for both clients in the banking and microfinance laws.72 and their payees. These systems must These rules become relevant to DFS be accessible by multiple communi- when the FIs act as issuers and when cation channels at all times, establish customers access their accounts digitally. deadlines for resolution of claims, and Côte d’Ivoire’s regulations on e-services track all complaints received and ad- offer additional protections. The 2013 dressed. The provisions on complaints e-commerce law provides standards on are not spelled out in detail. Procedures advertising, offers, contract provisions, are not standardized, nor are providers 72 Under the banking law (e.g., arts. 15, 56) protection of customer rights is one of the criteria considered by BCEAO in ap- proving licenses. The MFI law (e.g., arts. 60, 81) requires transparency in fee arrangements, and an instruction on internal control requires MFIs to have codes of conduct for dealing fairly with customers (among others), Instruction n° 017-12-2010 relative à l’organisation du contrôle interne au sein des systèmes financiers décentralisés. Last, the 2010 IOB instruction makes the principal bank wholly responsible for the actions of its IOB agent, and the principal bank must repair any damage caused. The IOBs are to be provided professional IDs bearing statements to this effect. 73 The 2012 telecoms ordinance is also relevant, as discussed in Section 3. 27 Regulatory Framework for Digital Financial Services in Côte d’Ivoire required to inform consumers about relevant to DFS as loans become more how their complaints are to be handled. widely accessible by digital means. Equivalent provisions do not exist un- der the regulations on payments and Côte d’Ivoire has adopted protections for transfers. customer data in its 2012 telecoms ordi- nance, the 2013 law on e-transactions, BCEAO’s regional financial inclusion and the personal data legislation of strategy envisions that the Senegal 2013.76 These acts are enforced by Observatoire model will be replicated in ARTCI. The laws do not explicitly target other WAEMU countries. Côte d’Ivoire financial data or information collected is now setting up its Observatoire pur- in financial transactions. But they do suant to a regulation in January 2017. cover types of sensitive data likely to The Côte d’Ivoire Observatoire is to be handled in DFS operations, such as have dispute mediation and compara- identity, biometric, household, and legal tive analysis functions, and will require information. The 2013 data protection focal persons in each regulated entity. legislation requires prior consent by the Further, this Observatoire will allow for affected person for the collection and functional comparison between institu- handling of personal data. Entities that tions that offer transfer services (includ- handle, store, or transmit personal data ing between banks, MFIs, and EMEs), must be authorized by ARTCI. and institutions offering transaction ac- counts (including between banks, MFIs, The 2012 telecoms ordinance requires and EMEs). The World Bank is support- services providers to protect personal ing the Ministry of Finance in establish- data and ensure the integrity and confi- ing this institution. dentiality of communications (including by their agents). As mentioned, MNOs are 6.3 Client data protection providing mobile platforms and the agent networks for mobile money services. Data protection—a major concern for Those platforms and associated digital DFS—is covered by general provisions transmissions fall within the authority on confidentiality and personal data of ARTCI and the standards on telecoms, security in banking, microfinance, and data protection, and e-commerce. At the e-money regulations.74 Regional legisla- same time, BCEAO regulates e-money tion on credit information bureaus con- issuance using this and other channels. tains further provisions on handling of This overlap of authority is still under client data75—which will be increasingly discussion between the two agencies. 74 The laws on banking (arts. 30, 53–4) and MFIs (arts. 28, 37) impose a duty of confidentiality on the staff, management, and auditors of these institutions. In both cases, an exception is provided for sharing information with the regulator. The e-money instruction simply requires issuers to protect clients’ personal data in accordance with national and regional legislation. 75 Loi uniforme portant règlementation des bureaux d’information sur le crédit dans les états membres de l’Union Monétaire Ouest Africaine (UMOA) 2013; Instruction N° 002-01-2015 relative aux modalités d’obtention du consentement du client par les fournisseurs de données aux bureaux d’information sur le crédit (bic) dans le cadre du système de partage d’information sur le crédit dans les états membres de l’UMOA. 76 Loi no. 2013-450 relative à la protection des données à caractère personnelle. Also, Décret no. 2015-79 fixant les modalités de dépôt des déclarations, de présentations des demandes, d’octroi et de retrait des autorisations pour le traitement des données à caractère personnel. 28 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 7. COMPETITION AND COORDINATION The potential of DFS to increase vol- and limiting competitive growth. Thus, ume, efficiency, and inclusiveness in the an interoperability policy or scheme is financial system depends on connec- often essential for competition in these tivity among relevant communication markets, but in most settings, it is ab- channels and accounts. Two important sent or incomplete. It is often difficult to constraints in Côte d’Ivoire, as in other have voluntary agreement on interoper- settings, are uneven access to mobile ability in the near term, especially where communication channels and limited in- there is a dominant provider. But in- teroperability between competing DFS teroperability can emerge when market providers and their networks. These players understand the potential shared issues are being addressed in part by benefits of network effects. BCEAO has market players under the guidance of developed a “road map for interopera- the regulators. More comprehensive bility,” and it benefits from support by solutions will require coordination the African Development Bank and the between financial, telecom, and compe- Gates Foundation for implementation. tition regulators at national and regional levels. This is especially true where, as DFS in Côte d’Ivoire and the WAEMU re- in Côte d’Ivoire, the DFS market is made gion could be described as comprising up of diverse providers who fit into sev- closed loops and distinct operating stan- eral regulatory niches with differing dards, with limited but growing interop- requirements—a trend worthy of en- erability. A prime example of evolving couragement but also of coordinated integration in the region is GIM-UEMOA, oversight. (An overview of key provi- a regional switch for ATM and POS pay- sions is given in Table 4.) ments. This switch is available to EMEs across the region. Several are now 7.1 Interoperability GIM-UEMOA members and have access to the switch, including Orange in Côte Early rapid growth of one DFS provider d’Ivoire. MFIs in the region are slated tends to defer the advent of interopera- to get access to this switch, which could bility, in turn favoring dominant actors also be made available to all e-money TABLE 4.  Interconnection and interoperability Regulatory features WAEMU and Côte d’Ivoire provisions Interconnection (e.g., Côte d’Ivoire: Telecoms legislation states that network access, sharing USSD channel) interconnection, and sharing of essential infrastructure should be provided on an equal, nondiscriminatory basis. Refusal to share essential infrastructure can be deemed anti-competitive, while dominant providers (25% market share) have a duty to offer interconnection. ARTCI is now requiring MNOs to open the USSD channel to external services providers. Interoperability WAEMU: E-money issuers must ensure that they take the necessary technical and operational steps to facilitate in- teroperability with other payments systems. Compliance with this requirement is to be verified by external audit every three years, and the audit must cover the issuers’ technical partners, who may serve as agents for issuance of e-money. 29 Regulatory Framework for Digital Financial Services in Côte d’Ivoire issuers, but few have shown interest. volume of business. This is in addition to By contrast, it is reported that ATMs the more common incentives to squeeze have achieved near total interoperability competitors’ margins. For their part, across Côte d’Ivoire and the region, but MNOs want to protect the privileged ac- not as much progress has been achieved cess that they gained with their licenses, with POS. There are also concerns about and to prevent network overload if they interchange fees, irrevocability of trans- share access. actions, and protection from bankruptcy (World Bank 2014, 39–40, 98–101). Im- There are reports from Côte d’Ivoire portantly, on the positive side, the 2015 that MNOs have denied USSD access. In e-money instruction requires issuers to other cases, MNOs are reported to have facilitate interoperability. charged heavily for access or limited it in terms of time or connection quality. It is also significant that MNOs are providing 7.2 Channel access channel access to their e-money subsid- Another typical constraint to DFS expan- iaries while restricting access to others. sion arises from the lack of reliable ac- cess to mobile messaging channels. The 7.3 Regulatory responses MNOs control the SIM card with its iden- tity data on each mobile user and the The frameworks for financial, telecom, phone’s communications channels, in- and competition regulation—at nation- cluding the USSD channel—the one most al and regional levels—provide relevant used by DFS providers. Although mobile standards that might be used to ad- money providers depend on USSD, that dress the issues just discussed. BCEAO, channel is of minor commercial impor- of course, has an important role to play tance overall for MNOs and telecom reg- here, particularly on interoperability. ulators. Given its importance to low-cost There are sector-specific competition outreach of DFS, access to this channel is standards embedded in the financial both a competition and financial inclu- services legislation, and the e-money sion issue (Mazer 2015; Hanouch and instruction (art. 7) requires issuers to Chen 2015; Mas 2012; Coye Benson and facilitate interoperability.77 There has Loftesness 2012; ITU 2017). not yet been a strong regulatory push to ensure that different participants in MNOs are not only providers of the chan- DFS can play together on the same lev- nel for mobile money services; they are el playing field. Where interoperability also competitors (through their EME affil- does not emerge in the near term from iates) of FI issuers and of EMEs that are not market incentives, the regulator may affiliated with MNOs. There is a risk that need to step in. But most observers fa- MNOs will transfer market power from vor suasion over coercion. Introducing, their core market to the emerging mobile or mandating, interoperability too ear- money market in such a way as to effec- ly may be counterproductive—it could tively shut out others. This gives MNOs an drive up compliance costs and techni- opportunity to price-discriminate against cal complexity (di Castri 2013; GSMA financial services providers that are seek- 2010; Mas 2012). Through its “road- ing access, or even to deny access, and to map for interoperability,” BCEAO is favor aggregators that bring them a large showing its commitment to secure full 77 All e-money solutions must ensure platform availability/access (une haute disponibilité de la plate-forme), nonrepudiation of transactions, and arrangements (including technical features) that facilitate interoperability with other payments sys- tems. These dispositions are to be checked by way of audits conducted at least once every three years. 30 Regulatory Framework for Digital Financial Services in Côte d’Ivoire interoperability (through GIM-UEMOA) Both Côte d’Ivoire and WAEMU have when the market is ready. adopted general regulations on competi- tion and set up regulatory agencies. The ARTCI has authority to approve rates WAEMU competition legislation pro- and enforce tariff transparency on be- vides standards for identifying and ad- half of MNO customers. It also regulates dressing anti-competitive agreements, value-added services—such as adjuncts abuses of dominant position, and other to core telephone and data services, offenses.78 The regional commission is and the evaluation of the appropriate- authorized to make exceptions where ness and terms of such services. ARTCI’s such arrangements are found to be (or authority extends to the digital net- can be made) efficient and equitable in works used for payments and transfers practice. The Ivoirian legislation79 con- and the postal service, which provides tains similar provisions. It also prohi­ funds transfer services. Further, ARTCI bits predatory pricing, and it authorizes is responsible for enforcing the laws price regulation for necessary goods governing e-commerce and e-signature and services. It is not clear how effective certification. The agency is tasked with these agencies are. In particular, it is re- establishing an appropriate mechanism ported that the regional-level authority for consumer complaints and follow-up lacks capacity to act swiftly to address and with ensuring quality of service and anti-competitive practices. effective and fair competition (in coop- eration with other relevant authorities). As for access to the USSD channel, the regulatory options in general include the Clearly, ARTCI’s authority over mobile following (Di Castri 2013; ITU 2016): providers and e-commerce overlaps with that of BCEAO. This overlap argues ■■ The telecom regulator could require in favor of a framework for coordina- open USSD access by MNOs on a tion. ARTCI is mandated to cooperate nondiscriminatory basis, while per- with other regulatory bodies in Côte haps also setting price and quality d’Ivoire and the region to regulate com- standards. petition in the telecoms and data mar- ■■ The financial regulator could condi- kets, ensure interconnection and quality tion e-money issuance approval on services, and protect consumers. At the each of the relevant MNOs’ giving same time, BCEAO is authorized under USSD access to all DFS providers. financial legislation, such as the e-money instruction, to bring in other regulatory ■■ The competition regulator could authorities to carry out joint inspections. take jurisdiction if the problem is In the DFS context, ARTCI and BCEAO not solved by market actors or the have established a joint working group sector regulators. This will likely de- that is analyzing several areas of con- pend on showing that a given MNO cern, including interoperability. ARTCI has abused its dominant market po- is also developing a framework for col- sition and that USSD is an essential laboration with the national and regional services infrastructure that must competition agencies to monitor the de- be openly available for there to be a velopment of the telecom sector. market. 78 The 2002, WAEMU competition law established the regional agency Département du Marché Régional, du Commerce, de la Concurrence et de la Coopération (DMRC). 79 Ordonnance no. 2013/662 Relative à la Concurrence, establishing La Commission de la Concurrence et de la Lutte contre la Vie Chère. 31 Regulatory Framework for Digital Financial Services in Côte d’Ivoire Côte d’Ivoire has chosen the first of and sharing of essential infrastructure these options. ARTCI announced in ear- should be provided on an equal, non- ly April 2017 that it is now requiring discriminatory basis.80 Refusal to share MNOs to open the USSD channel to ex- essential infrastructure can be deemed ternal services providers and to make anti-competitive, while dominant pro- public their respective access offer viders (25 percent or greater share of with a price list. ARTCI was reviewing “pertinent” market) have a duty to of- these prices at the time of this diag- fer interconnection. ARTCI is required nostic. It should continue to monitor to monitor conditions of access (which MNOs for potential discriminatory are to be published by the operator) pricing and services quality, and scru- and may enforce access as a last resort. tinize USSD offers to prevent undue Where there is no effective competition, denial of service or prices that are out ARTCI reserves the right to set limits on of line with those of other channels. fees. Denial of sale, price discrimination, and agreements in restraint of trade are ARTCI has a firm legal basis for its inter- prohibited.81 The competition law pro- vention. The telecoms legislation states visions mentioned provide additional that network access, interconnection, support for intervention if needed. 80 Ordonnance no. 2012/293 Relative aux Télécommunications et aux Technologies de l’Information et de la Communication, arts. 16, 18, 35–49; Loi no. 95-526 portant Code des télécommunications, arts. 2.41, 2.42, 2.50, 2.55, 4, 6. 81 Id., arts. 72, 87, 171–74, 180. 32 Regulatory Framework for Digital Financial Services in Côte d’Ivoire 8. CONCLUSION The following is a short distillation of requirements, including standard- findings and conclusions and recom- ized disclosures. This step would mendations for further policy develop- support competition, help keep in- ment. Generally speaking, both WAEMU terest rates low, and make it possible and the Ivoirian authorities have made to phase out rate caps. As EMEs and impressive strides over the past several OTC providers are not permitted to years in building an enabling regulatory offer credit under current regula- framework for financial inclusion and tions, the potential sources of digital DFS, in particular. This effort poses the credit would be licensed credit insti- challenge of ensuring policy consistency tutions (e.g., banks) and MFIs.82 and regulatory harmonization—a chal- lenge that is not always met. ■■ Revise the tight limit on MFI activities beyond the traditional ones of sav- Most of the measures suggested are within ings and credit. BCEAO should grant the responsibility of regional authorities, MFI issuers an automatic exception, mainly BCEAO. Recommendations that or at least a higher limit (i.e., greater concern the Ivoirian national authorities than the current ceiling of 5 percent (e.g., for some aspects of customer ID and of risk provisions), for earnings from consumer protection) are noted as such. basic DFS activities such as e-money issuance and payments/transfers. A 8.1 E-money and payments revised regulation should also specify any conditions for such an exception The 2015 e-money instruction has con- or adjustment (e.g., a defined period of solidated and clarified the rules in this successful operation). Care should be area. In addition, a sizeable market for taken to ensure that the rule’s pruden- payment services has been established tial objectives continue to be met.83 under earlier regulations. But questions remain about how supportive of DFS the ■■ Clarify protections for e-money float rules in other, related, areas—such as funds. The e-money instruction re- banking and e-commerce—are. Recom- quires segregation of float funds mendations are as follows: by the issuer and the depositary ■■ Reconsider the interest rate caps in institution. However, the treatment of force across the region. These lim- these funds in the case of the issuer’s its are likely to constrain the offer of bankruptcy is not clear. It may be ad- innovative digital credit and savings visable to include in the regulations products to the unbanked. At least a requirement that funds must be a partial or phased liberalization is placed in a trust account (as has been advisable. It would be best to cou- done in other countries84), to insu- ple this with stricter transparency late the float from ownership claims 82 An analysis of provider costs and their impact on interest rates could be enlightening in this regard, though it is beyond the scope of this study. According to BCEAO, MFI inspections found that general costs, including salaries, have tended to be out of line with MFI structures and as a result have led to noncompliance with the 24 percent interest rate cap. 83 BCEAO reports that analysis of possible adjustments to this rule is underway. The Bank’s chief concern is the protection of MFI depositors. 84 In Kenya and Tanzania, float deposits are required to be placed in a trust account administered by a trustee on behalf of the e-money holder. Trusts are better known in common law than in civil law countries, although the law in this area has been evolving. Thus, Rwanda now requires a trust (fiducie) account. A similar arrangement, used in Uganda, is an escrow account. This is an account managed by a third party that provides for the isolation of funds until they are released upon the occurrence of conditions stated in the escrow agreement (e.g., authorized payment, settlement). 33 Regulatory Framework for Digital Financial Services in Côte d’Ivoire by the issuer and its creditors. Also, not clearly articulated for MFIs. In other as Côte d’Ivoire’s deposit guarantee words, access to agents for distribution system goes into operation, it is ad- of DFS is uneven, creates disparities visable to clarify its scope of coverage based on the type of institution (e.g., to ensure adequate, equitable pro- bank vs. EME), and may act as a drag tection of e-money float. A uniform on financial inclusion and the spread of system of per-client “pass-through” new DFS products. insurance should be considered (re- gardless of the type of issuer) to make Recommendations are as follows: the guarantee effective for individu- ■■ Develop uniform, or at least harmo- als within the coverage limits.85 nized, agency rules and standards ■■ Harmonize regional and national for financial services outreach across rules on e-signature acceptance and the board—including agent banking certification, and ensure coordination (for MFIs as well as banks), e-money and clear jurisdictional lines between agents, and rapid transfer agents. BCEAO and ARTCI in this area. It is par- A functional, risk-based approach ticularly critical to ensure that certifi- should be adopted, in preference to cation providers and processes are set the current patchwork of mostly in- up so that fully digital signatures and stitution-based regulation (includ- certifications can be routinely used— ing IOB rules). The new framework without recourse to paper documents, should provide a comprehensive and as appears to often have been the proportionate set of risk-based rules case currently. According to BCEAO, on due diligence, supervision, inter- work is underway to craft revisions nal control, and subagents. to the regional payments regulation (no.15/2002), including the removal ■■ IOB rules should be revised or re- of the requirement to retain physical placed to support a more flexible signatures (art. 19). Region-wide cer- agent banking approach. Further, it tification is expected to be provided by would be useful for BCEAO to pro- SOAC, a body established in 2005 by vide a transition path for e-money the WAEMU Commission, but which is agents and rapid transfer agents to not yet operational. enter the market for agent banking services (again, for both banks and 8.2 Use of agents MFIs). The 2015 instructions on e-money and 8.3 Client identification transfers clarified who can be and who can use an agent, as well as what services The 2015 WAEMU directive on AML/ agents can provide, while confirming CFT provides a comprehensive set of the legal responsibility of the princi- basic protections in client ID (although pal. Also important is the recognition the quality of enforcement in practice is of primary agents and subagents; this less certain). This AML/CFT regime does is a critical step toward the expansion not sufficiently accommodate finan- of agent networks within a framework cial inclusion and DFS through tiered, of accountability. On the other hand, risk-based KYC standards. The AML/ the conditions for agent banking appear CFT directive and other regional legis- far too restrictive for the banks and are lation in such areas as e-money provide 85 An example of this is the system adopted in Nigeria (Izaguirre, Lyman, McGuire, and Grace 2016). 34 Regulatory Framework for Digital Financial Services in Côte d’Ivoire only a patchwork of quite limited (and transactions. This will require coop- in some cases conflicting) due diligence eration on integrated approaches by exceptions for certain small transac- the relevant agencies at the national tions. Further, mobile money requires and regional level. One promising a SIM card, which in turn is subject to approach that could be explored is ID requirements, which appear to be to carry over the same ID verifica- getting more stringent. On the positive tion procedure used for SIM cards side, KYC can be outsourced under ap- into the KYC process—and perhaps propriate conditions, and Côte d’Ivoire’s national ID cards and databases as program of expanding access to official well. (This approach, which is used IDs will help ease KYC procedures there in Pakistan, depends on having ID and thus enhance financial inclusion. data of sufficient quality and using biometrics.) The ongoing improve- Recommendations are as follows: ments in Côte d’Ivoire’s ID system should take these needs into account. ■■ Replace the patchwork of KYC carve- outs for small transactions (includ- ing case-by-case adjustments) with 8.4 Consumer protection a clear, consistent set of risk-based The consumer protections applicable KYC tiers. The tiers should provide to DFS are improving, but they are not comprehensive coverage of financial comprehensive and consistent. Core services, including DFS, and should banking and financial services legis- provide clearly defined exceptions lation does little to address consumer from requirements more likely to ex- protection. But recent enactments on clude traditionally unbanked groups e-money and transfers, e-commerce, such as poor and rural populations and telecoms provide for transparency (e.g., documentation of a permanent of fees, complaints handling, required address). General FATF principles contract provisions, and the like. The embodied in the 2015 and 2012 new consumer law, with its chapter on WAEMU legislation also need to be financial services, should bring addi- spelled out explicitly in legislation tional, harmonized protections to cli- applicable at the national level. The ents of DFS providers and the financial procedure here is to develop a uni- sector, generally. In addition, data pri- form law that incorporates tiered vacy is mandated in the regulations on KYC/customer due diligence, and for data protection, credit bureaus, and a WAEMU member country to adopt telecoms. Specific advance consent is re- it into national law—thus leading quired for nearly all potential uses of cli- the way for others.86 ent data. Importantly, the e-money and rapid transfer regulations apply con- ■■ Coordinate ID requirements for SIM sumer rules explicitly to agents. cards and DFS. The rules should be reviewed so that they can be appro- Recommendations are as follows: priately graduated to account for the different risks involved in mobile ■■ Strengthen and harmonize consum- phone subscriptions, payments and er protections across the full range transfers, mobile money, and large of DFS—including digital linkage to 86 Jurisdiction over AML/CFT is shared, with WAEMU adopting regional standards and uniform laws and the member coun- tries adopting the latter into national law. Côte d’Ivoire has an AML/CFT law (Loi no. 2005-554) that could be replaced, supplemented, or amended in the manner indicated. 35 Regulatory Framework for Digital Financial Services in Côte d’Ivoire savings and credit accounts as this by providers. Good practice here becomes feasible. Protections should involves regulatory oversight of con- include standard disclosure formats sumer practices as a market conduct and requirements that cover each and prudential matter. type of DFS product and delivery channel. Provisions on fraud, secu- ■■ Data collection on consumer prac- rity, data protection, and bankruptcy tices should be strengthened and and other contingencies should be systematized. BCEAO, along with the similarly expanded. Application of consumer commission and Obser- consumer norms to agents should be vatoire, should require reporting on clearer and more consistent across these matters from FIs, e-money is- the board. suers, and agents. Data analysis can reveal patterns of practice as well as ■■ Enhance transparency and compara- risks posed by noncompliance with bility by requiring standardized fee consumer norms and effectiveness information for payments accounts, of enforcement. or at least by introducing standard requirements for format and man- 8.5 Competition and coordination ner of disclosure. The inevitable overlaps between mar- ■■ A tribunal or ombudsman for retail kets, services delivery infrastructure, finance, including DFS, is also im- and regulatory regimes create difficul- portant. As mentioned, Côte d’Ivoire ties. The key issues here for Côte d’Ivoire is setting up its Observatoire pursu- are interoperability and access to the ant to a regulation of January 2017. USSD channel. Constraints in these Explicit, specific provisions relat- areas tend to work in favor of the domi- ed to DFS will help to strengthen nant provider, and they act as a drag on protection in this subsector. Also in overall DFS development and financial January 2017, Côte d’Ivoire adopted inclusion. BCEAO and ARTCI have regu- a new law on consumer protection. latory provisions that they could use to The Commission created by the law enforce interoperability and USSD ac- is to have units dealing with abusive cess. Importantly, ARTCI announced in agreements, consumer protection early April that it is now requiring MNOs and security, and over-indebtedness. to open the USSD channel to external Here as well, specific provisions on services providers and to make public DFS would be useful. Further, the their respective access offer with a price system will be most effective if all list. Also, as mentioned, BCEAO has financial services providers (not launched an interoperability “roadmap” just e-money issuers, as is now the with support from external funders. case) are required to have in-house complaint systems, if the latter offer Recommendations are as follows: a route of appeal to the Commission and Observatoire and if guidelines ■■ BCEAO, ARTCI, and perhaps the are provided for appeal to the court competition authorities should elab- system. orate on the framework for cooper- ation that they have discussed, and ■■ There is a need to make consum- they should map out a strategy for protections effective in p er ­ ­ ractice rationalizing the governance of the through systematic supervision. As DFS market. Recent steps taken by matters stand, some provisions the two regulatory bodies are prom- reportedly are not applied at all ising in this regard. 36 Regulatory Framework for Digital Financial Services in Côte d’Ivoire ■■ ARTCI, in cooperation with BCEAO prices that are out of line with those and competition agencies, should of other channels. Also, BCEAO monitor MNOs for potential dis- is responsible for monitoring the criminatory pricing and services price and quality of financial ser- quality affecting DFS delivery. It vices, including payments services, should scrutinize USSD offers to and has an important role to play prevent undue denial of service or here. 37 Regulatory Framework for Digital Financial Services in Côte d’Ivoire RESOURCES ITU. 2016. “Digital Financial Services: Regulating for Financial Inclusion—An ICT ARTCI Bulletin de Veille Electronique, 1er Perspective, GDDFI Discussion paper. trimester 2016, Identifiant Unique en Côte Izaguirre, Juan Carlos, Timothy Lyman, Claire d’Ivoire. McGuire, and David Grace. 2016. “Deposit Atelier sur les services financiers ­ Insurance in the Digital Financial Inclusion numériques en Côte d’Ivoire: Compte-rendu, Context.” Brief. Washington, D.C.: CGAP. 7 juin 2016. Koné, Tiémoko Meyliet. 2016. “Mobile Bakhshi, Pawan. 2014. “Beware the OTC Financial Services Are Making Headway in Trap.” Blog post, 9 May. WAEMU.” BCEAO blog post, 14 June. BFA (Bankable Frontier Associates). n.d. Lauer, Kate, and Timothy Lyman. 2015. “The Journey toward Cash Lite: Address- “Digital Financial Inclusion: Implications ing Poverty, Saving Money and Increasing for Customers, Regulators, Supervisors, and Transparency by Accelerating the Shift to Standard-Setting Bodies” Brief. Washington, Electronic Payments.” Boston: BFA. D.C.: CGAP. BIS (Bank for International Settlements) Lhériau, Laurent. 2010. Le droit et la tech- Basel Committee on Banking Supervision. nologie au service de la bancarisation : 2005. The Joint Forum: Outsourcing in focus sur la banque à distance. Techniques Financial Services. Geneva: BIS, February. Financières & Développement, N°100. Par- CGAP. 2016. “Market System Assessment is: Epargne Sans Frontière, Septembre. of Digital Financial Services in WAEMU.” LIRNEasia and UP-NCPAG.2008. “Mobile Working Paper. Washington, D.C.: CGAP. Banking, Mobile Money and Telecommuni- Coye Benson, Carol, and Scott Loftesness. cation Regulations.” http://lirneasia.net/ 2012. “Interoperability in Electronic wp-content/uploads/2008/05/Mobile-2.0_ Payments: Lessons and Opportunities.” Final_Hor_EA.pdf Washington, D.C.: CGAP. Mas, Ignacio. 2012. “What Is the Telecom di Castri, Simone. 2013. “Mobile Money: Regulator’s Role in Fostering Mobile Mon- Enabling Regulatory Solutions.” London: ey?” Blog post, 8 May. GSMA, February. Mazer, Rafe. 2015. “USSD Access: A Gateway Gage, Justin, Steve Pannifer, and Paul Makin. and Barrier to Effective Competition.” Blog 2016. “Country Note: Pakistan.” Washing- post, 18 February. http://www.cgap.org/ ton, D.C.: World Bank. blog/ussdaccessgatewayandbarriereffective competition GPFI (Global Partnership for Financial In- clusion). 2016. “Global Standard-Setting McCaffrey, Mike, Graham A. N. Wright, and Bodies and Financial Inclusion: The Evolv- Anup Singh. n.d. “OTC: A Digital Stepping ing Landscape.” Geneva: GPFI. http://www. Stone, or a Dead End Path?” Microsave. gpfi.org/sites/default/files/documents/ http://www.microsave.net/files/pdf/ GPFI_WhitePaper_Mar2016.pdf 1467712097_OTC_Digital_Stepping_Stone_ or_Dead_End_Path.pdf GSMA. 2010. “Mobile Money Definitions.” London: GSMA, July. Radcliffe, Dan, and Rodger Voorhies. 2012. “A Digital Pathway to Financial Inclusion.” Seattle: Hanouch, Michel, and Gregory Chen. 2015. Bill & Melinda Gates Foundation, December. “Promoting Competition in Mobile Pay- ments: The Role of USSD.” Brief. Washing- Rashid, Naeha, and Stefan Staschen. 2016. ton, D.C.: CGAP, February. “Unlocking Financial Inclusion Using Bio- metrically Verified SIMs.” Blog post, 26 Issa-Sayegh, Joseph. 2003. Le droit ivoirien July. http://www.cgap.org/blog/unlocking- de la concurrence, Ohadata D-06-04. Sympo- financial-inclusion-using-biometrically- sium, Ouagadougou, February. verified-sims 38 Regulatory Framework for Digital Financial Services in Côte d’Ivoire Staschen, Stefan. 2016. “DFS Regulation and utilisation dans l’UEMOA.” Washington, D.C. : Supervision—What’s Going on? What Is World Bank. Coming up?” Slide deck. Washington, D.C.: ———. 2016. Intermédiaires en opérations CGAP, February. de banque et banque à distance: Réflexions World Bank. 2012. “Republic of Zambia: sur le cas de l’UMOA. Washington, D.C. : Diagnostic Review of Consumer Protec- World Bank, May. tion and Financial Literacy.” Washington, Wright, Graham. 2014. “Over the Counter D.C.: World Bank. https://openknowledge. Transactions—Liberation or a Trap? Part I.” worldbank.org/handle/10986/25890 Blog post, December. http://blog.microsave. ———. 2014. “Diagnostic des paiements net/over-the-counter-transactions-liberation de détail et stratégie pour développer leur -or-a-trap-part-i/ 39 Regulatory Framework for Digital Financial Services in Côte d’Ivoire  EGISLATION CONCERNING DFS IN WAEMU AND ANNEX 1. L CÔTE D’IVOIRE WAEMU systèmes financiers décentralisés des Etats membres de l’Union Monétaire Avis n° 003-08-2013 aux établissements Ouest Africaine (UMOA). de crédit et aux systèmes financiers décentralisés, relatif à la fixation du taux Instruction n° 011-12/2010/RB rela- de l’usure dans les Etats membres de tive au classement, aux opérations et à l’UEMOA, BCEAO. la forme juridique des établissements financiers à caractère bancaire. Décision n° 26/CM/UMOA du 2 juillet 2015 portant adoption du projet de loi Instruction N° 013-11-2015 relative. . . uniforme relative à la lutte contre le transfert rapide d’argent en qualité de blanchiment de capitaux et le finance- sous-agent au sein de l’UEMOA, BCEAO. ment du terrorisme dans les Etats membres de l’Union Monétaire Ouest Instruction n° 015-12/2010/RB fix- Africaine (UMOA) Décret d’application ant les conditions d’exercice des activ- de la loi portant réglementation des sys- ités d’intermédiaires en opérations de tèmes financiers décentralisés. banque. Directive n° 02/CM/UEMOA du 2 juillet Instruction n° 017-12-2010 relative à 2015 relative à la lutte contre le blanchi- l’organisation du contrôle interne au sein ment de capitaux et le financement du des systèmes financiers décentralisés. terrorisme. Instruction N°008-05-2015 régissant Directive n° 07/2002/CM/UEMOA du . . . activités des émetteurs de monnaie 19 septembre 2002 relative à la lutte électronique, BCEAO. contre le blanchiment de capitaux et le Loi portant réglementation des sys- financement du terrorisme (LBC/FT) tèmes financiers décentralisés. dans les Etats membres de l’UEMOA. Loi uniforme relative à la lutte contre le Directive n° 08/2002/CM/UEMOA por- blanchiment de capitaux dans les Etats tant sur les mesures de promotion de membres de l’UEMOA. la bancarisation et de l’utilisation des moyens de paiement scripturaux. Loi uniforme relative à la lutte contre le financement du terrorisme dans les Instruction n° 01/2006/SP du 31 juillet Etats membres de l’UEMOA. 2006 relative à l’émission de monnaie électronique et aux établissements de Loi uniforme relative à la répression des monnaie électronique (replaced by 2015 infractions en matière de chèque, de instruction). carte bancaire et d’autres instruments et procédures électroniques de paie- Instruction n° 127-07-08 fixant les mo- ment (UEMOA). dalités de mise en œuvre de la surveil- lance par la BCEAO des systèmes de Loi-cadre portant sur la réglementation paiement dans les Etats membres de bancaire (BCEAO). l’UEMOA. Recueil des textes légaux et règlemen- Instruction n° 010-08-2010 relative aux taires régissant les systèmes financiers règles prudentielles applicables aux décentralisés de l’UMOA. 40 Regulatory Framework for Digital Financial Services in Côte d’Ivoire Règlement n° 09/2010/CM/UEMOA/ pour le traitement des données à car- relatif aux relations financières exté- actère personnel, J.O. Côte d’Ivoire. rieures des Etats Membres de l’UEMOA. Loi no. 2005-554 du 2 décembre 2005 Règlement n° 15/2002/CM/UEMOA relative à la lutte contre le blanchiment relatif aux systèmes de paiement dans de capitaux. les Etats membres de l’UEMOA. Loi no. 2013-450 du19 juin 2013 rela- Statuts de la Banque Centrale des Etats tive à la protection des données à car- de l’Afrique de l’Ouest 2010. actère personnel, Journal Officiel de la République de Côte d’Ivoire. Statuts du fonds de garantie des dépôts dans l’Union Monétaire Ouest Africaine Loi no. 2013-451 du 19 juin 2013 rela- (UMOA) 2014. tive à la lutte contre la cybercriminalité, J.O. Côte d’Ivoire. Textes d’application de la loi portant réglementation bancaire. Loi no. 2013-546 du 30 juillet 2013 rel- ative aux transactions électroniques, J.O. Traité modifié de l’Union Economique et Côte d’Ivoire. Monétaire Ouest Africaine. Loi no. 2013-702 du 10 octobre 2013 por- Côte d’Ivoire tant Code des Postes, J.O. Côte d’Ivoire. Décret no. 2014-106 du 12 mars 2014 . . . Loi ivoirienne n°2016-412 du 15 juin conservation de l’écrit et de la signature 2016 sur la consommation. sous forme électronique, J.O. Côte d’Ivoire. Ordonnance no. 2012-293 du 21 mars Décret no. 2015-79 du 04 février 2015 2012 relative aux Télécommunications fixant les modalités . . . des autorisations et aux TIC, J.O. Côte d’Ivoire. 41