As recently as 2011, only 42 percent of adult Kenyans had a financial account of any kind; by 2014, according to the Global Findex, database that number had risen to 75 percent.  In sub-Saharan Africa, the share of adults with financial accounts rose by nearly half over the same period. Many other developing countries have also recorded gains in access to basic financial services. Much of this progress is being facilitated by the digital revolution of recent decades, which has led to the emergence of new financial services and new delivery channels.
Whereas payment services often are the entry point into using formal financial services, they are not the only low-cost and widely accessible financial services being delivered in recent years. Driven by advances in new digital payment services, small-scale credit and new modes for delivering insurance services are being offered in several developing countries. Digital (payment) records are being used to make decisions about provision of credit to small businesses or individuals who do not have traditional collateral or credit history to secure loans. Additionally, affordable mobile systems have led to the provision of new and innovative financial services that would not be economically sustainable under the traditional brick-and-mortar model such as mobile-based crop microinsurance in sub-Saharan Africa and pay-as-you-go energy delivery models for off-grid customers in India, Peru, and Tanzania. 
Increased access to basic financial services, especially payments services, by larger segments of the population reflects the growing use of digital technologies in developing countries. Simultaneously, the adoption of proper regulation based on country-specific opportunities, needs and conditions has been critical.
Poor regulation is one of the major obstacles to financial inclusion. Others include lack of good infrastructure, weak institutions and poor cooperation, and unstable economic and political conditions. The report of CGD’s Financial Access Task Force, however, focuses solely on regulatory issues for two main reasons. First, regulatory changes often are needed to enable the successful adoption and adaptation of new innovations in digital finance, encourage their use, and increase competition among their providers, so that those new technologies can benefit the poor. Second, progress in improving financial inclusion must be compatible with the traditional mandates of financial regulation and supervision: safeguarding the stability of the financial system, maintaining its integrity, and protecting consumers.
The Challenge of Designing Effective Regulation
Determining the best regulatory approach for finance in general is challenging, as the rules will have to reflect the features of each specific financial service and the risks arising from alternative forms of financial service provision. This challenge is even greater for digital finance, given the many new forms of provision and providers. Policies and regulations will have to vary in a number of dimensions to help ensure efficient service delivery that is also safe to the users and to the overall system.
Three principles for pro-inclusive regulation
1. Same regulation for similar functions:
Financial services providing the same functions are regulated in essentially the same way regardless of the provider’s institutional form.
2. Regulation based on risk:
Stringency of regulatory requirements is commensurate with the risk that an activity poses to the individual (consumer or provider) and to the stability and integrity of the financial system.
3. Balance between ex ante and ex post regulation:
Balance between specifying clear rules of the game ex ante and also using authority to intervene ex post after a problem or market failure has been identified.
To tackle these challenges, the approach to regulation for financial inclusion advocated in this report follows three principles commonly used to guide regulatory choices: similar regulation for similar functions,regulation based on risk, and balance between ex ante and ex post regulation. Relying on these principles, the report advances specific recommendations in three distinct regulatory areas: competition policy, leveling the playing field, and know-your-customer (KYC) rules (see figure 1). A full list of the report’s recommendations appears at the end of this brief. Numbers in parentheses refer to specific recommendations from the report.
Key Regulatory Areas and Relevant Recommendations
1. Competition policy
A market open to fair competition matters for financial inclusion because it leads to a greater variety of products and services, increased efficiencies and lower costs, which ultimately means potential consumers currently on the sidelines will be more easily included. Competition policy’s main goal is to allow — and indeed, encourage — new providers to enter the market. Due to crucial differences in their overall nature and activities, the rules of entry should most likely differ between traditional players, such as banks, and nonbank digital services providers (DSPs). For the former, entry should be conditional on standard fit-and-proper requirements. If they meet those requirements, and as long as strong regulatory, supervisory, and consumer protection frameworks are in place, banks should face no constraints on entry and minimal limits on the services offered (recommendation 1).
For nonbank DSPs, entry rules should depend on the services they offer. Entry of DSPs that offer bank-like services (stores of value not fully backed by safe assets, credit, and so forth) should be conditional on fit-and-proper standards similar to those for banks, but otherwise liberal. For those providers that restrict their retail activities to (small) payments and transfers or that offer stores of value fully backed by safe assets (such as government securities or other highly liquid assets), standards should be relatively minimal and entry should be liberal, as their activities would pose little risk to the customer and the overall financial system (recommendation 2). In all cases, licenses should be awarded only to providers with proven technical and financial capabilities to ensure the quality of the services offered. For all providers, laws and regulations must ensure that no-longer-viable providers exit the market (recommendation 3). Sound antitrust rules and procedures are also needed to avoid the emergence of entities with excessive market power and uncompetitive pricing (recommendations 4 and 22).
A goal to help achieve full financial inclusion is a fully interoperable financial system, in which any user of any digital network can transact with any other. The issue is whether (and if so, when) interoperability can be expected to emerge spontaneously as a market solution, and if it cannot, whether (and when) it should be mandated through competition policy. Most often, regulators should not have to mandate interoperability, as they can allow the market to spontaneously develop and implement the proper arrangements to reach interoperability.
Approaches to interoperability in Tanzania and Kenya
Interoperability as a market solution
In Tanzania, interoperability in the mobile-payments market emerged as a market solution through an industry-wide process facilitated by the International Finance Corporation (IFC) who acted as an impartial broker between participants. The regulator’s stated preference was for the market to reach interoperability on its own. Airtel, Tigo, and Zantel became interoperable on September 2014. Vodacom joined in early 2016.
Partial interoperability through ex-post regulation
In Kenya, business incentives created by an ex post regulatory approach led to partial interoperability. Safaricom’s M-Pesa, the leading mobile money service, lacks full interoperability with services offered by other operators. Kenyan authorities were concerned about the high-level of agent exclusivity (before July 2014, 96 percent of agents were serving one provider exclusively). In July 2014, Safaricom opened up its M-Pesa network of 85,000 agents to competitors just before the Competition Authority of Kenya ordered it to do so.
However, there are situations where regulatory interventions may be warranted; the timing of these actions is key: imposing interoperability too early can inhibit innovation and the development of digital transaction markets, but acting too late can lead to system inefficiencies and entrenched monopolies. Regulators should thus ensure that digital services retain the capacity to become interoperable, while keeping the option open to mandate interoperability in the future should it become necessary (recommendations 5 and 23).
The inputs required for the production and distribution of financial services (such as network services for payment and settlement, credit bureaus, and a functioning telecommunications system) must also be accessible to all providers wishing to use them, fairly priced, and efficiently provided. For example, traditional banks entering the mobile payments market should have equal access to telecommunications networks, and DSPs offering credit services should have equal access to the information held by credit bureaus (recommendations 6 and 25).
2. Leveling the playing field
A level playing field in financial services is enabled by regulations ensuring that functionally similar services are treated equally as long as they pose similar risks to the consumers of the service or to the financial system as a whole. A level playing field for each service is critical to ensure that all the providers compete on an equal basis. Equal treatment by service matters for financial inclusion because it allows a more consistent consumer protection across service providers, it can help expand the market frontier for financial services and finally, because the providers of the new, digital financial services on which greater inclusion depends often differ greatly from one another in their structure and business models. In addition, a level playing field reduces the scope for regulatory arbitrage and other distortions.
Unleveled regulations in Indonesia undermine the growth of mobile money networks
Despite Indonesia’s high mobile-phone penetration and large volumes of government-to-person payments, only 36 percent of Indonesian adults have an account at a formal financial institution (Global Findex 2015). Indonesia’s regulations only permit big banks to hire informal, unregistered entities (such as mom-and-pop stores) as e-money agents. Smaller banks and mobile network operators (MNOs) can only partner with registered legal entities, which restricts them from building dense agent networks in rural areas. As a result, MNOs are struggling to scale up their operations.
To operationalize this concept, regulators must first define each of the different services clearly and unambiguously (recommendation 7). On an “equal basis” refers to equality across providers of a given service. For example, to the extent possible, payment services must receive identical treatment, whether the provider is a bank or another kind of institution and whether it operates online or from a brick-and-mortar office (recommendations 8 and 24). Moreover, regulation should not discriminate among providers as to their rights, obligations, and entitlements for use of critical institutional infrastructure (recommendation 21).
Two important qualifications deserve particular attention. First, a level playing field does not mean that all types of financial services should be treated exactly the same with regard to regulations. Characteristics, including risks, vary across services — payment services greatly vary from insurance services. Therefore, regulatory requirements should vary by service as the overall objectives (consumer protection and stability and security of the financial system) can only be achieved through different approaches. With a level playing field, providers, even if of a similar institutional form, could thus be regulated differently if they offer different sets of services. Second, even when providers deliver functionally the same service, a level playing field does not mean that regulatory approaches cannot vary across providers when risks — to the user and to the financial system — vary across providers. In these cases, providers may be subject to different risk-based requirements, even when all other regulatory requirements (such as those aimed at enhancing competition, consumer protection, or financial integrity) are the same for the specific services they offer.
To illustrate this concept, consider the activities of DSPs. Those DSPs that limit their provision to small transactions — whether payments, remittances, or transfers — and do not offer a store of value pose little risk. They can be subject to standard payment or money transfer regulations only, whereby intraday settlement risks can be addressed within the payment system framework (recommendations 10 and 21). Only when DSPs offer stores of value and engage in other bank-like activities does additional regulation become necessary, which will depend on how the DSP is set up (see figure 2). DSPs that offer stores of values that are fully backed by safe assets require little additional regulation, but DSPs that use their stores of values to fund credit or to provide other forms of intermediation must be subject to regulations similar to those that apply to deposit-taking commercial banks ( recommendation 11). This last comparison shows how two providers offering the same service (store of value) are appropriately subject to different regulatory requirements, in this particular case because of differences in the risks involved in the usage of the funds.
When DSPs offer stores of value not fully backed by safe assets, there are also important considerations about whether the provider needs to and can have insurance to protect customers’ funds and the rules that accompany any insurance. Moreover, additional bank-like regulations are needed to protect the user — and, if applicable, the deposit insurance agency — from the risks entailed by the intermediation (recommendation 12). The bottom line is that the onerousness of regulations on any provider should be commensurate (level) with the risks that the provider’s overall activities pose to customers and to the overall financial system.
An important recommendation for leveling the playing field is that all providers of financial services — banks, DSPs, and others — must be made subject to regulations aimed at protecting consumers from fraud and other identified harms and at preventing discrimination. Such regulations will have to be equivalent across all types of providers (recommendations 13 and 26) and will inherently foster greater inclusion.
An important corollary recommendation is that the regulatory regime for all digital and non-digital forms of financial services provision, notably for payment services provision, is consistent across all regulatory agencies (recommendation 9). This task is challenging, especially when services are provided by mobile network operators (MNOs) and other DSPs that have their own regulatory and supervisory authorities (e.g., a telecommunications regulator). A complementary recommendation, therefore, is for greater coordination among all, both financial and non-financial, regulatory and supervisory agencies (recommendation 14).
3. Know-your-customer rules
Another task of financial regulation is to preserve the integrity of the financial system, in particular by combating money laundering and the financing of terrorism. Essential to this task is ensuring that financial institutions know who they are dealing with. A financial system in which customers have total anonymity is one that can be abused and corrupted, with potentially dangerous consequences for financial stability. Knowledge of one’s customers also matters for financial inclusion because financial institutions that do not know their clients will be less willing to extend their full range of services to clients. Hence, strong KYC rules are indispensable for financial integrity and financial inclusion.
The financial integrity and financial inclusion goals, however, can at times conflict. Thus, the challenge in designing KYC rules, at both the national and the international levels, is to ensure that they are adequate for maintaining financial integrity yet do not create unnecessary barriers to inclusion, but rather, work to enhance it. This calls for a risk-based approach, following the principle of proportionality, as expressed by the Financial Action Task Force as well as the G20: “To strike the right balance, existing regulations should be carefully analyzed to establish whether their demands on service-providers are proportionate to the risk.” 
In line with this approach, KYC rules should recognize the minimal risks that small value transactions pose to the system. One way is by allowing for restricted and graduated accounts (recommendation 16) — specially designated accounts, with limits on their balances and size of transactions, to which less onerous KYC rules apply. This would be the first level of a tiered KYC regime which would increase the customer due diligence requirements in line with the volume, size and nature of the customers’ transactions.
Also, to support a level playing field, KYC rules must be similar across mobile and brick-and-mortar providers of the same service. In line with the principle of proportionality, rules and penalties for violation should be set according to what are regarded as more and less serious failures of KYC processes (recommendation 18). Penalties should be set on a graduated basis, increasing as the failure of compliance with KYC requirements becomes more severe and regular. For small accounts and limited transactions, penalties should be imposed according to failures to comply with KYC requirements rather than on the number of infractions that have taken place.
Technology-driven national identification system in India through Aadhaar
Aadhar is a unique, secure identification number that can be verified online and in real time. The 12-digit number is stored in a centralized database and linked to individuals’ biographic and biometric information: photograph, fingerprints, iris scans, and digital face prints. By enabling people to open restricted accounts subject to later showing proof of Aadhaar, India is using financial inclusion as a carrot that encourages registration rather than registration as a stick that constrains financial inclusion. Over 900 million Indians have been enrolled so far.
As with other regulations, KYC rules should be applied, as much as possible, uniformly across countries and, within countries, across supervisory agencies. Such enforcement will require greater coordination at both the national and the international levels (recommendation 15). To facilitate compliance with KYC rules for banks and DSPs and to support cross-border KYC applications, national identification systems may have to be strengthened ( recommendation 17). At the international level, regulation should encourage a shift from cash-to-cash wire transfers toward direct transactions between identified account holders (recommendation 19). Finally, as an interim solution for countries deemed to pose particularly severe risks to global financial integrity, a special transfer system for transactions to and from those countries might be set up as a “safer corridor,” available only to those local financial intermediaries and transfer recipients included on a preapproved positive list ( recommendation 20).
Full recommendations from the report
Provided that strong regulatory and supervisory institutions and solid consumer protection frameworks are in place, entry of “fit and proper” banks and other traditional providers into the financial services market must be facilitated, with the fewest and least intrusive regulatory barriers possible. Limits on the products and services these providers offer and on the inputs they use to produce and deliver services should be minimal.
Entry of DSPs that restrict their retail activities to (small) payments and transfers, or that offer stores of value fully backed by safe assets, should be relatively liberal. In contrast, higher entry standards, including “fit and proper” entry rules and tests, should apply to DSPs that, in providing their services, pose risks to consumers and to financial system stability, such as those providing stores of value not fully backed by safe assets, credit or insurance.
For DSPs active in services beyond payments and fully backed store-of-value services, the rules governing exit from the market must be as well-specified, on an ex ante basis, as they are for banks and should typically extend beyond those in the bankruptcy laws governing commercial businesses. Exit rules for DSPs that restrict their activities to small payments and transfers and fully backed stores of value, with no or limited (intraday) exposure to loss and small overall transaction volumes, can largely follow commercial bankruptcy laws and procedures — but with the option for ex post regulation — provided appropriate safeguards to protect customers’ funds are in place.
Sound antitrust rules and procedures are needed in the financial sector to avoid the emergence of entities with excessive market power. The antitrust regulators must have adequate tools and resources at their disposal to analyze the current state of competition, and they must have the authority to break up monopolies and oligopolies, penalize collusive behavior, and challenge uncompetitive pricing structures.
Interoperability among DSPs, and between them and traditional financial services providers — including through open (nonproprietary) technical standards — is essential for effective competition and for financial inclusion. Interoperability ideally emerges as a market solution, and if not, should be encouraged. If regulatory intervention is, however, needed, timing is key: interoperability should not be mandated either too early or too late.
Taking into account choices made with respect to interoperability, except where consumer protection and financial stability may be compromised, inputs required for the production and distribution of financial services must be accessible to all providers interested in using them, be fairly priced, and be efficiently provided. Codes and standards can help toward this objective, but direct (ex post) government intervention to eliminate access barriers and address discriminatory pricing might be necessary at times.
Leveling the playing field
Leveling the playing field for financial services starts with regulatory agencies clearly distinguishing the various services from one another.
To the extent possible and applicable, identical rules should apply to functionally identical services, regardless of the institutional form of the provider.
A consistent regime for regulating all forms of payment services provision is preferable, and the rules should ensure a level playing field in the delivery of various payment services.
Risks to users and general financial stability concerns arising from payment services, such as intraday settlement risks and other (systemic) risks, should be addressed within the payment system framework and should not differentiate by type of provider. MNOs and other DSPs that limit their provision of retail financial services to payments should be subject to payment regulations only.
For MNOs and other DSPs whose services go beyond simple payment transactions, additional regulation and supervision should apply. Those regulations may include restrictions on the use of the funds. For those store-of-value instruments that are not fully backed with safe assets, regulations should typically be similar to those that apply to deposit-taking institutions (“banks”). They can include, if applicable, insurance and related requirements.
To the extent that the DSPs uses stored values to fund the credit it extends, additional requirements will have to come into play, typically similar to those applied to banks to protect the individual saver, the insurance provider (if the stored values are insured), and the stability of the overall financial system.
All providers of financial services — banks, MNOs and other DSPs, and others — must be made subject to regulations aimed at protecting consumers from fraud, abuse, and discrimination. For any given service, these regulations should be equivalent across all types of providers of that service.
Coordination among supervisory agencies is as essential for digital financial services as for traditional ones. Coordination problems can be minimized by specifying clear mandates for all agencies involved and by ensuring their adequate accountability and independence. MoUs can further help improve coordination.
An urgent need exists for greater coordination of efforts toward a sound global KYC regime, both among the national authorities of different countries and — within some countries — across individual agencies. Clearer guidance from the FATF could be useful in both cases.
In line with the risk-based approach, KYC rules should recognize the minimal risks posed by customers undertaking small transactions by allowing for restricted and graduated accounts. Less onerous KYC measures should be required for certain types of basic accounts especially useful for low-income customers, with limits on their balances and on the size of transactions. KYC rules should also support leveling the playing field between banks and DSPs: the rules must be similar for all providers of the same service.
National identification systems must be strengthened, both to facilitate compliance with KYC rules for banks and DSPs and to support the effectiveness of the preceding recommendations as they apply to cross-border transactions.
In keeping with the principle of proportionality, regulators must articulate what they regard as more and less serious failures of KYC processes and set rules and penalties accordingly. For small accounts and limited transactions, penalties should be set according to failures to comply with KYC requirements rather than on whether or how many infractions have taken place. Penalties should also be set on a graduated basis, increasing as the failure of compliance becomes more severe and regular.
Regulation should encourage a shift from cash-to-cash wire transfers toward direct international transactions between identified holders of bank accounts or e-money.
In cases in which a country is deemed to pose particularly severe risks to global financial integrity, a special transfer system for transactions to and from that country might be set up as a “safer corridor,” available only to those local financial intermediaries and transfer recipients included on a preapproved, or positive, list.
The retail payments system
In principle, regulation should not impose on payment services providers, users, or other network participants any of the following: rules that discriminate between authorized payment services providers as to the rights, obligations, and entitlements of participants; restrictions on the basis of institutional status; or restrictive rules for effective participation in other systems.
As a general principle, and consistent with this report’s general recommendations on competition, pricing of payment services can be left to the market. In some circumstances, however, interventions may be needed to ensure that pricing policies are in line with the provider’s actual costs. Such interventions may include, for example, limits on interchange fees. Ensuring near-universal access may also require other types of interventions.
Consistent with recommendations in section 2, regulatory intervention to ensure interoperability of payment systems should be undertaken mostly ex post — and then only when necessary. If intervention is required, regulators should be mindful not to mandate interoperability of payment systems either too early or too late; the former can dampen innovation and market development, whereas the latter can allow one or more dominant players to accumulate too much market power.
Merchants should be free to choose which payment channel or channels they will use, but they should be discouraged from signing exclusivity arrangements. Customers should not be forced to use, or to pay more for, one means of payment when more than one are available. Regulation should be technology neutral, and standards should be based on functionality.
The operation of infrastructures for the processing, clearing, and settlement of payments is best left to the market, with retail payment instruments fully integrated. As a general principle, the public sector should be involved only as a regulator of infrastructure but, in exceptional cases, could serve as an operator of the infrastructure.
A solid institutional framework requires disclosure of fees charged — in ways that make them easily comparable across providers and products — and the provision of adequate customer recourse and dispute resolution mechanisms. The objective of financial system integrity should be balanced with that of not unnecessarily hindering access to payment services.
 Demirgüç-Kunt, Asli, Leora Klapper, Dorothe Singer, and Peter Van Oudheusden, “The Global Findex Database 2014: Measuring Financial Inclusion around the World,” Policy Research Working Paper 7255, World Bank, Washington (2015).
 These and other examples are documented in Queen Maxima of the Netherlands, Speech by Her Majesty Queen Máxima of the Netherlands, United Nations Secretary General’s Special Advocate for Inclusive Finance for Development (UNSGSA), at the All Governors’ Meeting, Bank for International Settlements, Basel, 9 November 2015; Camilo Tellez and Peter Zetterli, “The Emerging Global Landscape of Mobile Microfinance”, CGAP (2014); and Jacob Winiecki and Kabir Kumar, “Access to Energy via Digital Finance: Overview of Models and Prospects for Innovation,” CGAP (2014).
 GPFI (Global Partnership for Financial Inclusion), “G20 Principles for Innovative Financial Inclusion,” Alliance for Financial Inclusion, Bangkok (2011).