Balancing AML/CFT risks and financial inclusion outcomes: Analysis of regulatory gaps in Ghana’s NBFI sector

The adoption of digital business models, and with it, digital payments, accelerated tremendously during the outbreak of COVID-19 in Q1 2020. As of January 2020, active electronic money customers in Ghana were 14,130,350 with total transactions valued at GH¢GH¢30.2 billion (data source: Fintech and Innovation Unit, Bank of Ghana). By January 2023, the number of active electronic money customers had sky-rocketed to 20,551,466 with transactions valued at GH¢130.05 billion, a whopping growth of 62.69 percent (CAGR) over the 3-year period. Ahoy to financial inclusion, forward ever, backward never.

Except that there is still friction in parts of the financial market where digitization matters most; micro-savings and micro-credit. That friction, in part, is caused by regulatory complexity related to the provision of Digital Financial Services (DFS) by certain categories of NBFIs. A very basic policy question is this: is it permissible for, say, Tier 4 NBFIs (micro-credit or Susu enterprises), to procure payment services from duly licensed PSPs, and utilize the latter’s technological platform to deliver Digital Financial Services to clients? This article attempts to answer this question.

Review of DFS regulatory landscape
First, what is Digital Financial Service (DFS)? Permit me to cite Bank of Ghana’s own literature – Disclosure and Transparency Directives for Digital Financial Services and Products provided by Banks, Specialized Deposit-Taking Institutions and Non-Bank Financial Institutions, 2022. In the afore-cited directive, DFS is defined as “financial products or services accessed and/or delivered through digital channels including storing and transfer of funds; making and receiving payments; borrowing; saving; insurance and investment”. Digital credit is also defined as “a credit product or service that uses smart or feature phone technology, web platforms or any digital channel to register, score, approve and disburse” By the way, these same definitions are reflected in the Interpretations section of a related document – Disclosure and Transparency Guidelines for Digital Financial Services and Products Provided by Payment Service Providers, 2022. (Important information: both documents are Exposure Drafts, hence the final version may differ in content, albeit not materially, we expect.)

Using a purposive interpretation of Section (7)(2) of Act 987 as context, It is important to note that the emphasis of these definitions focuses on the electronic transfer of funds regarding savings, credit, insurance, or investments, whether it relates to making or receiving payment. It is vitally important to make this point, so as to clarify that the mere operation of a digital channel, for instance, a website, or mobile app, does not amount to providing Digital Financial Services, except if it involves electronic funds transfer between counterparties. With this foundation being laid, let's now deal with the substantive question.

Permissible or Not Permissible: Decoding the Text

The objectives of the Disclosure and Transparency Directives for Digital Financial Services and Products provided by Banks, Specialized Deposit-Taking Institutions, and Non-Bank Financial Institutions, 2022 are:

• provide a framework to guide providers with regard to the disclosure of information pertaining to digital financial services and products [...], and
• protect consumers of digital financial services and products by ensuring that institutions that provide these services do so in a transparent and fair manner by disclosing to the consumers and prospective consumers, all the information that is necessary to enable consumers to make informed decisions.

Curiously, the scope of the directive’s application includes “non-bank financial institution licensed under the Non-Bank Financial Institutions Act, 2008, (Act 774)”. That means Tier 4 NBFIs too. More curious even, is the content of Notice No. BG/GOV/SEC/2019/16. The aforementioned public notice, titled Licensing and Authorization of Payment Service Providers was issued by the Bank of Ghana on September 12, 2019, which notice provided, inter alia, particulars concerning permissible activities for various categories of Payment Service Providers. Currently, there are 46 duly licensed Payment Service Providers. The distribution is as follows: PSP Dedicated Electronic Money Issuer (4 licensees); PSP Scheme (1 license holder); PSP (Enhanced License holders - 34); PSP (Medium License holder - 4); PSP (Standards License - 2); Payment and Financial Technology Service Provider (1).

Take note that, the permissible activities for PSPs with Medium License, include “payment application for credit, savings, and investment in partnership with Banks”. Albeit it does not mention, SDIs, it’s reasonable to infer that SDIs are included, given the tone and texture of the Disclosure and Transparency Directive for DFS Services and Products by Banks and SDIs, 2022. In the same vein, that inference can be extended to cover NBFIs, albeit not mentioned therein. Here then is the third curiosity: currently, there are (and this is a fact) certain duly licensed NBFIs (Tier 4), that are using the services of licensed PSPs to provide Digital Financial Services. Stemming from the analysis presented thus far, pinning the liability on either the NBFI or the PSP for regulatory violation, seeing that the regulations (with their directives, and guidelines) have a gaping lacuna, may not be entirely justified.

This in no way excuses entities that are not duly licensed by the Bank of Ghana and are providing Digital Financial Services with the assistance of licensed PSPs (see Figure 1).This second category, particularly the PSPs, clearly, are in breach of the Anti-money Laundering Act 2020 (Act 1044), and Bank of Ghana’s Anti-Money Laundering/Combating the Financing of Terrorism & The Proliferation of Weapons of Mass Destruction Guidelines, 2022, which enjoins them to conduct due diligence on counterparties before on-boarding. Ignorance of the law is no excuse.

The real issue is what to do with the first category, the duly licensed NBFIs, doing legitimate business, and using the platform of a duly licensed Payment Service Provider, who, for all intents and purposes, is not acting ultra vires judging by Notice No. BG/GOV/SEC/2019/16. The current state of affairs is understandable, given the immense risk of money laundering and terrorist financing that DFS may introduce, especially for entities with weak corporate governance and risk controls. So how should policymakers and financial sector regulators approach the question of AML/CFT risk management without decelerating the momentum toward greater financial inclusion? I proffer six (6) recommendations for further discussion. But first, let me summarize and recap the main arguments of this article:

1. Due to the increasing volatility, and uncertainty characterizing global business supply chains, digitized business models (including electronic payment services) offers a pathway to efficiency optimization, by reducing transaction costs.
2. This trend (digital payments) is even more crucial in the non-bank financial sector, particularly for MFIs that ply their trade at the bottom of the pyramid to oil the wheels of financial inclusion with capital and financial literacy education for low-income populations.
3. From a regulatory standpoint, there are legitimate concerns about how to balance AML/CFT risks with financial inclusion outcomes for RFIs that provide Digital Financial Services. This notwithstanding, the corpus of regulatory tools that govern the DFS space is characterized by tension between the letter of the text, and the spirit of it.
4. The lack of clarity on the question of whether a duly licensed Tier 4 NBFI could procure third-party payment services from a duly licensed PSP, must be addressed, and soon.

Key Recommendations:

1. Third-Party Service-Level Agreement (SLA): The relevant units within the Bank of Ghana (OFISD, and Fintech and Innovation Unit), should engage key stakeholders within the PSP and Tier 3, and 4 NBFI nexus, to fashion out guidelines that will govern SLAs related to Digital Financial Services.
2. Compliance Reviews by Apex Bodies: Per Paragraph 2.7.5 of the AML/CFT Guidelines 2022, Accountable Institutions relying on intermediaries or other third parties service providers must ensure enhanced due diligence is performed. Apex bodies in the NBFI sector must take the lead in this Enhanced Due Diligence process to develop a Preferred Supplier List, out of which their member institutions could source third-party services related to payments.
3. Regulatory Disclosures: Implement a sunshine policy to promote market transparency. Section 42 of the Payment Systems and Services Act 2019, Act 987, empowers the Bank of Ghana to mandate prudential reporting by PSPs, in a manner and format it deems fit. As part of its risk controls toolkit, the Bank should direct all PSPs to publish the names of NBFI customers that are using its platform for Digital Financial Services. This will have a positive impact on market conduct.

About Tunka Institute
Tunka Institute for Policy and Program Evaluation is an independent non-profit, nonpartisan research organization dedicated to promoting evidence-based policy-making through rigorous empirical inquiry and dissemination of evaluative findings to the relevant stakeholders. Founded in 2015 as Rural Heights Foundation, it transitioned from being a direct social interventions platform to a policy think tank in 2017. The Institute’s research and evaluation work focuses on three areas; monetary policy, financial markets, and private enterprise development. The author is a research fellow at Tunka Institute.