Mobile Money: Legal and Regulatory Issues

I’m spending today at the Macroeconomics of Mobile Money conference at the Columbia Institute for Tele-Information (CITI). I wasn’t able to come to the first session on the macroeconomic impacts of mobile money, but the 11:30 session is on the legal and regulatory issues surrounding the rise of mobile banking and mobile payments.

Liveblogging. Please excuse misrepresentation, misinterpretation, typos and general stupidity.

Overview of Regulatory Issue of M-payments

The lawyers are going to say there’s nothing new, and the regulators are going to say, “yes there is.”
— Richard Field, moderator

Benjamin Geva opens the panel by explaining the difference between access devices (which aid in the transfer of funds from one bank accounts to another) and stored-value products (where you load the value onto a prepaid card or something similar). The problem with mobile banking is that mobile phones act as both kinds of devices.

There are three types of mobile payments: SMS, web-based payments using wireless application protocol (WAP), and near field communication (NFC). NFC can only be used when two mobile phones are close to one another (“proximity payments”), while SMS and WAP can be used remotely.

The problem is that different regulatory articles apply in different situations, and mobile phones combine multiple situations in a single device and a single transaction. Neither lawyers nor regulators are sure which regulations to apply. Some of the key questions:

• Does a mobile transaction actually involve money?
• Does prepayment constitute a “deposit” in a “bank” of sorts?
• If mobile money can be issued by a non-bank (like a mobile phone company that sells airtime), then should it be regulated?
• Should it be protected in the same way that money in a bank is protected?

Geva thinks the best approach is to try to create a new, broader regulation system that would eliminate this confusion by covering all of these situations.

Regulatory Challenges in the Developing World

Leon Perlman, founding chair of the South African Wireless Application Service Provider’s Association, is up next to talk about legal issues in the developing world. He starts with some stats:

• Over 1 billion people don’t have a bank account but do have a mobile phone.
• By 2010, 1.7 billion people who won’t have a bank account will have a mobile phone.

Perlman argues that though we’re talking about mobile banking, what’s really happening on the ground is mobile payments. Microfinance institutions focus far more on payments than on a full suite of banking services, though “human ATMs” are becoming more popular.

He notes the “paucity” of existing laws related to mobile money — research currently refers to practices rather than regulatory guidelines. Lots of loopholes — both good and bad — exist for emerging technologies. In Kenya, the minister of finance decided to audit M-Pesa to see if it was legal; in Pakistan, a similar service was shut down by the government.

Many developing countries, including Kenya, Zambia, Pakistan and India, are currently developing laws on mobile banking and mobile payments. These laws vary in terms of how much regulation they’re applying and how much freedom mobile banking operators have to develop new services.

Perlman points out that some sort of coordination is needed with existing telecoms regulations, not just existing banking regulations. Who has jurisdiction? Who will bear the costs involved in accessing banking services? Mobile banking regulations must also be consistent with existing laws on e-commerce, consumer protection and privacy.

Another issue of concern is conflicts with common law views on banking and payments. What is money? What is the status of prepaid airtime? Is it part of your estate? These questions will only become more important as mobile banking becomes more popular.

Perlman argues that regulation should be proportional to the risk involved. Do we really need expensive regulation, or is more simple supervision enough for now? He strongly believes that policymakers should not be allowed to regulate the types of technology or transactions involved.

Perlman believes that branchless banking is a good thing, a way to increase competition against bank monopolies without completely disrupting the existing system.

Perlman concludes that there are no readily available supra-national answers to mobile banking regulation — we need to do this at the country level. We need necessary and sufficient regulation, but no more.

Opportunities and Dangers with E-payments

Carol Van Cleef is up next. She starts with a warning:

The criminals are the first adopters.

Criminals are motivated, Van Cleef argues. They want to know how the system works so they know how to make the most of it. So what does this mean from a public policy standpoint? How can we reduce the risk of misuse?

This networked climate forces us to rethink how best to protect our values and our security in a world where the tools for creating violence and chaos are as easy to find as the tools for buying music online or re-stocking an inventory.
— Homeland Security Secretary Janet Napolitano

E-payments are attractive to consumers because they are convenient, fast, secure, cross-border and often anonymous. These same “features” mean that mobile money entrepreneurs worry about criminal (or even terrorist) money coming through their systems. This isn’t an abstract worry: we’ve already seen this happen with drug traffickers and other types of criminals.

Side note about the difficulties of compliance with existing regulations: the US has a law saying that if you put a payment system into place without having a license from the state in which you operate, you’ve committed a federal crime, which can then become the basis for a complete seizure of your assets. On top of this, all of your customers may sue you for losing their money.

Van Cleef argues that there will be criminal activity in a system — there’s no way to stop it — so organizations must focus on risk assessment. They must decide how to identify and verify customers, how to monitor their system, and how to allocate responsibility.