LICENSING AND SUPERVION OF THE BUSINESS OF FINANCIAL INSTITUIONS DOWNLOAD (.pdf)
Regulation of Mobile and Agent Banking Services
Directives No. FIS /0112012
Whereas, use of technology and innovative financial service delivery channels such as mobile devices and agents have significant contribution in deepening financial service accessibility to the wider section of the population at an affordable price;
Whereas, it has been found essential to encourage and enhance savings mobilization through the use of alternative and innovative financial services delivery channels;
Whereas, there is a need to set the minimum standards for risk management and customer protection on the delivery of mobile and agent banking services;
Whereas, the National Bank of Ethiopia is responsible for ensuring , that financial institutions are delivering mobile and agent banking services without compromising the safety and soundness of the financial system of the country;
Now, therefore, in line with the powers vested in it by article 10 (5) of National Payment System Proclamation No. 718/2011 and article 59 (2) of Banking Business
Proclamation no. 592/2008, the National Bank of Ethiopia has issued these directives.
1. Short Title
These directives may be cited as “Regulation of Mobile and Agent Banking Services Directives No. FIS/0l/2012″
For the purpose of these directives:
2.1″agent” means a person engaged in a commercial business activity and has been contracted by a financial institution to provide the financial institution on its behalf in a manner specified in these directives
2.2″agent banking” means the conduct of banking business on behalf of a financial institution through an agent using various service delivery channels as permitted under these directives;
2.4″cash in and cash out services” refers to the deposit and withdrawal of funds including payments by customers to/from their mobile account using a variety of options including bank-branch counters, automatic teller machines and authorized agent locations;
2.5 “customer” means an individual or entity who uses mobile and agent banking services of financial institutions offered through mobile devices;
2.6″deposit” means placement of money with financial institutions, repayable on demand, or otherwise accepted by financial institutions from the public;
2.7″financial institution” means a bank or a microfinance institution;
2.8″fund transfer” refers to the transfer of funds from a customer’s or agent’s mobile or regular account to any other account or vice versa;
2.9″microfinance institution” means a company licensed by the National Bank to carryon micro financing business;
2.10″mobile account” means an account maintained by a customer in a financial institution in which debits and credits are effected by virtue of electronic fund transfer and which is used to conduct mobile banking activities as outlined in theses directives;
2.11 “mobile banking” means performing banking activities which primarily consists of opening and maintaining mobile/regular accounts and accepting deposits; furthermore, it includes performing fund transfer or cash in and cash out services using mobile devices;
2.12″mobile device” means mobile phones, smart phones, table personal computers, point of sale terminals or any other similar devices;
2.14 “person” means any natural or juridical person;
2.15 “pilot period” refers to the period in which mobile and agent banking service is being holistically tested with regards to its conformity to predetermined business and technical requirements in a limited test environment without making any public promotion;
3. Scope of the Directives
These directives shall apply to financial institutions that conduct mobile and agent banking services as set out in these directives
4. Modes of Business Conduct
4.1 Only financial institutions that are licensed by the National Bank are allowed to engage in mobile banking services.
4.2 Mobile and agent banking services shall be carried out only within the geographical boundary of Ethiopia and with only Ethiopian Birr.
4.3 Financial institutions can carry out mobile banking through their agents as specified in these directives.
4.4 Where financial institutions carryout mobile banking services through agents:
4.4.1 the financial institution shall be fully responsible and liable for all actions and omissions of its agent and this responsibility shall extend to actions of the agent;
4.4.2 all transactions involving deposit, withdrawal, payment or transfer of cash from or to an account shall be made on real time basis and financial institutions shall ensure that agents are able to carry out real time transactions;
4.4.3 agents shall not under any circumstance accept funds from customers that exceed their prepaid balance with financial institutions;
4.4.4 financial institutions shall automatically debit or credit the account of the agent or customer upon conduct of any transaction that necessitates reduction or increase of the account balance of the agent or customer; and
4.4.5 a financial institution shall have a mechanism to uniquely identify each of its agents.
5. Limits on Mobile Banking Transaction
5.1The maximum balance that should be available in a mobile account of a person with a financial institution at any time shall not exceed Birr 25,000 (Twenty Five Thousand Birr).
5.2 Daily mobile banking transaction that involves debiting of an account by a person with financial institution shall not exceed Birr 6,000 (Six Thousand Birr)
6. Application Processing and Approval
6.1. Prior to commencement of operation, a financial institution that intends to provide mobile and agent banking service shall seek approval from the National Bank.
6.2 A financial institution shall enter into a written contract with third party service providers such as technology service providers and telecom companies and such contracts shall clearly define the roles and responsibilities of each party in the provision of mobile and agent banking services.
6.3 A financial institution at the time of application shall submit to the National Bank at least the following.
6.3.1 Business plan that contains at least:
i) brief analysis of the country’s economy with particular focus on the financial system;
ii) operational and financial viability of the intended mobile and agent banking services for at least three years;
iii) pricing strategy including the initial transaction fee and charges that takes into account the sustainability of the mobile and agent banking service and the affordability of the service to the wider market;
iv) products and services to be offered, target markets, regional distribution and coverage of the service; and
v)agency arrangement to be used, technology service to be deployed, fee sharing arrangement, stakeholders and their respective role in the delivery of the service, impact of the services in improving financial service accessibility.
6.3.2 Operational Policy and Procedure Manual containing at least:
i) responsibilities of the board and senior management of a financial institution in relation to the new services;
ii) organizational structure of the mobile and agent banking functions and associated responsibilities;
iii) details of products and services to be offered such as product features, fees and charges, and transaction limits for the product;
iv)detailed narrative description and work flow diagram of the services to be provided (including registration, account opening; cash in transactions, fund transfer/remittance, cash out procedures);
v) accounting procedures and recording of transactions;
vi) agent management where applicable;
vii) internal control procedures;
viii) manner of reporting; and
ix) complaint handling and redresal system
6.3.3 Risk Management Policy and Procedure containing at least:
i) description of the inherent risks such as operational risks, reputation risks, legal risks and liquidity risks and specific policies, processes and systems that are in place to manage these risks; and
ii) notwithstanding the provision stated above, description of the inherent risks and the specific policies and processes that are in place to deal with risks shall specifically adresss risks emanating from customer, agent, technology service provider, mobile network operator and financial institution perspective.
6.3.4Board minutes showing that the board of directors of specific financial institution has reviewed and endorsed the mobile and agent banking services to be provided
6.3.5Agent due diligence policy and procedure and declaration of agent suitability assessment signed by a chief executive officer or chairperson of board of directors of a financial institution as set out under article 9.3 of these directives.
6.3.6Penalty matrix that shall be imposed on agents for possible violations of agreements and malpractices
6.3.7Agreement entered with third parties including technology service providers and telecom companies.
6.3.8Such other information as may be requested by the National Bank
6.4The National Bank, based on the criteria set out in these directives shall either approve for a pilot launch or decline a request made by a financial institution for the delivery of mobile and agent banking service and shall communicate same in writing to the applicant.
6.5 The pilot period shall stay for a minimum period of two months and shall not at a maximum exceed three months.
6.6 During the pilot period, the financial institution shall test the new service on a limited scale without making any public campaign and promotion related to the services. After completion of the pilot period, the financial institution shall prepare detailed report on the results of the pilot and submit same to the National Bank along with application. The pilot test report shall contain at least:
6.6.1 the volume and type of transactions executed,
6.6.2the outcome of the pilot transactions, errors, omissions identified,
6.6.3complaints received from customers,
6.6.4 any other issues and deviations identified, and
6.6.5 modifications and changes sought as the result of the pilot
6.7 The National Bank, based on the result of the pilot test and its own business risk assessment shall either grant or reject full authorization and approval for mobile and agent banking service within a maximum of one month from the date of submission of complete report as specified under article 6.6 hereinabove.
6.8 Applicants that do not qualify for full authorization as a result of the pilot test shall be given three months to correct their weaknesses to the satisfaction of the National Bank.
6.9 Applicants that fail to correct their weakness to the satisfaction of the National Bank within three months shall smoothly phase out their mobile and agent banking operation as per instructions of the National Bank.
6.10 Notwithstanding the provision stated above, the National Bank on sufficient grounds including violation of the provisions stated in these directives by concerned financial institution or in anticipation of any perceived or actual risk occurring in relation to the service may suspend or withdraw the approval and call the service off.
7. System Technology
7.1 The technology used for delivery of mobile and agent banking services must be secure and should at least ensure the following, which shall be part of the technology risk management program of a financial institution:
User awareness on their information security including how to secure Personal Identification Number (PIN) and other security features.
7.1.2Infrastructure and Software Application Risk:
i) information security standard,
ii) application error, message type and message handling,
iii) PIN and user authentication,
iv) financial and non financial data storage,
v) availability of services and backup,
vi) confidentiality of user information,
vii) data and transaction integrity,
viii) maintenance of audit trails ,
ix) segregation of duties, and
x) authorization controls.
7.1.3 Communication Media Risks:
i) communication protocol risks,
ii) data storage risks, and
iii) availability and quality of service
7.1.4 Agent and Third Party Service Provider Risks:
i) data encryption and message integrity,
ii) data storage and backup,
iii) physical and logical access to system, and
iv)authenticity and non-repudability of communication.
7.1.5 Business Continuity Plan:
i) availability of services,
ii) disaster recovery site,
iii) standardize way of the data center,
iv) redundancy of network communication, and
v) antivirus protection.
7.1.6 Interface Feature of the Application:
The system should be open (need to have a feature of interoperability with other system in any file format).
7.2 Notwithstanding the provision stated above, the information security policy of a financial institution shall be suitably and regularly updated and enforced to take care of the security controls required from time to time.
8. Customer Due Diligence Requirements
8.1 Financial institutions shall ensure their agents fully comply with the requirements of “Prevention and Suppression of Money Laundering and the Financing of Terrorism Proclamation Number 657/2009” and “Customers Due Diligence of Banks Directives No. SBB/46/2010”
8.2 Notwithstanding the provision stated above, financial institutions shall train their agents on prevention of money laundering and financing of terrorism requirements and on the procedures to be followed to ensure same.
9. Agent Management
9.1 Permissible Activities of an Agent
9.1.1 An agent, on behalf of principal financial institution, shall open regular saving account of natural persons. In addition, an agent may provide any of the following services as may be specifically agreed between it and the financial institution:
i) perform customer due diligence and “ Know Your Customer (KYC)”
ii) open mobile account of natural persons
iii) perform cash in and cash out services;
iv) transfer funds between different parties; and
v) perform various payment services.
9.1.2 Notwithstanding the provision stated above, agents shall not undertake banking transaction that involves the use of check and other check related instruments and any other operation related with provision of credit.
9.2 Agent Contract
9.2.1 Any person who is engaged in valid and lawful business or commercial activity within Ethiopia can be an agent of a financial institution. However, in case an agent has a specific regulatory body to which it is accountable to, it shall produce a written consent from the regulatory body permitting entering of agency agreement.
9.2.2 In making agency arrangement, a financial institution shall enter into a written contract with an agent for the provision on its behalf any of the mobile and agent banking services specified in these directives.
9.2.3 Every contract made between a financial institution and an agent shall contain at a minimum provisions that are specified under Annex I of these directives which is part hereof.
9.2.4 A financial institution shall provide certificate of agency to an agent that provides banking service on its behalf.
9.2.5In branding agent network, financial institution shall avoid use of words like bank, micro finance, financial intermediary, microfinance bank or any other word that might suggest that the agent by itself is a financial institution.
9.2.6Notwithstanding the provision stated under 9.2.1 above, i) a foreign person or entity that is fully or partially owned by foreign nationals ii) religious entity which is faith based and iii) not for profit such as non government organizations whose applicable law prohibits from engaging in profit making business shall not be an agent of any financial institution.
9.2.7 Other than the mobile and agent banking services specified in these directives, agents shall not engage in the marketing and sales of any other products of the financial institution.
9.2.8. under no circumstances shall agents impose a separate terms and conditions and charges apart from those provided by financial institution
9.3 Agent Due Diligence
9.3.1 Financial institutions making agency arrangement shall have a clear and well documented agent due diligence policy and procedure (for initial and ongoing assessment of agents). In addition, financial institutions, on the basis of same, shall conduct assessment of agents and take necessary corrective actions to ensure proper management of agents.
9.3.2 In assessing the due diligence of agents, financial institutions shall consider all relevant factors, including but not limited to:
i) the entity has an existing well established business/commercial activity and that the sources of funds of the agent have been ascertained;
ii) the entity possesses appropriate physical infrastructure and human resources to be able to provide services with the necessary degree of efficiency and security;
iii) the agent, as certified by police certificate from local police station, has no criminal record in matters related to finance, fraud, honesty or integrity and has a good/acceptable reputation;
iv) audited financial statements at least for the last one year, where applicable;
v) liquidity position of the agent to entertain deposit and withdrawal requests of customers; and
vi) any other matter that may negatively impact on the agent has been considered.
9.3.3 Notwithstanding the provision stated above, a financial institution shall at a minimum secure the following information from the agent it intends to work with as applicable:
i) the name of the entity proposed to be an agent;
ii) the certificate of incorporation, certificate of registration or valid permit or business license of the entity whichever is applicable;
iii) a description of the commercial activity the entity has been carrying on prior to the date of application;
iv) physical location, postal address and telephone number of the entity and its working hours; and
v) evidence of availability of funds to cover agent operations including deposits and withdrawals by customers.
9.3.4. The financial institution shall keep the information provided under the above provision in a confidential manner and in a safe custody and shall produce it to the National Bank as and when required.
9.3.5. The financial institution shall be responsible for the accuracy of the information provided by an agent and shall sensitize its agents on the provisions of theses directives and the obligation to comply with all the requirements.
9.3.6. The financial institution shall submit to the National Bank the agents list and information as per Annex II of these directive
9.3.7 In addition to the above, financial institutions, as specified under Annex III of these directives, shall provide a declaration signed by the chief executive officer or chairperson of the board of directors of that respective financial institution confirming that the institution has carried out the due diligence of the reported agents and they have been found to meet the minimum suitability assessment requirements as set out in these directives.
9.3.8 The National Bank, upon receipt of information of agents, shall list the agent in a register available to the public.
9.3.9 A financial institution may make one declaration for several entities as its agents or one declaration for a single agent as the case may be.
9.3.10 Upon receipt of list of agents and related information from a financial institution, the National Bank, if it considers necessary, shall verify the information provided to it. If the National Bank is not satisfied with the fitness and propriety of the agent, it shall require the financial institution to immediately discontinue the agency relation and terminate any agreement entered with such agent.
9.4 Agent Contract Termination
9.4.1 In addition to the provisions for termination of the agency contract as may be set out in the contract itself, an agency contract shall be terminated if an agent:
i. carries on agent banking business when the agent’s principal commercial activity has ceased;
ii. is found directly charging customers by itself without the knowledge of the financial institution and or against any of the predefined agreements entered with the financial institution;
iii. is guilty of a criminal offence involving fraud, dishonesty or other financial impropriety;
iv. sustains a financial loss or damage to such a degree which, in the opinion of the financial institution, makes it impossible for the agent to gain its financial soundness within three months from the date of the loss or damage;
v. is being dissolved or wound up through court or otherwise;
vi. in case of a sole proprietor, dies or becomes mentally incapacitated;
vii. .transfers, relocates or closes its place of agent banking business without the prior written consent of the financial institution;
viii. fails to hold or renew a valid business license; and
ix. violates any provision of theses directives as may in the opinion of the financial institution warrant termination of the agency relationship.
10. Notification and Publication of List of Agents and Related Information
10.1 Financial institutions shall have a dedicated unit at head office level that is responsible for coordinating mobile and agent banking services and centrally maintaining mobile and agent banking service related information.
10.2 Financial institutions shall submit to the National Bank an updated list of agents and their related information on quarterly basis.
10.3Financial institutions shall publish an updated list of all agents and related information, products and services offered and fee structure in their websites at least on a monthly basis and other publications as they may deem appropriate. Such information including the information specified under annex II of these directives shall be disseminated to all their branches and may also be disseminated to their agents.
11. Relocation, Transfer and Closure of Agent Premises
11.1 No agent shall relocate, transfer or close its agent banking premises without the prior written consent of the financial institution.
11.2 Notice of intention to relocate, transfer or close agent banking premises shall be served to the financial institution at least thirty days or longer period as may be agreed upon in the contract.
11.3 Each financial institution shall duly report to the National Bank the relocation, transfer or closure of agents as set out in these directives.
12. Customer Protection
Financial institutions shall put in place adequate policies and procedures to address customer protection and compliant redressal issues. To this end, the policies and procedures should address at a minimum the following:
12.1 customer identification procedure;
12.2 a mechanism for the customer to easily identify agents and the services provided through agents;
12.3 a requirement for agents to issue a standard, uniform and easily identifiable paper receipts for all transactions undertaken through them;
12.4 keeping secrecy and confidentiality of customers’ information;
12.5 requirements for mandatory disclosures of terms and conditions , risks and responsibilities of the customers and service providers
12.6 information such as standard logo/brand, list of products and services, copy of certificate of agency, service charges, updated list and address of agent network, mobile number of the agent, shall be displayed in the premise of the agent in a visible manner;
12.7 transparency in pricing products and services;
12.8 financial institutions shall store and avail at least the last 10 transactions
conducted by a customer on the system itself online;
12.9 a help desk, dedicated customer care telephone lines, and disclosure of the details of the help desk;
12.10. notification of customers on the timeframe and the circumstances in which any stop-payment instructions could be accepted;
12.11. recording/registering all customer complaints and how such complaints are redressed; and
12.12. establish a reasonable time frame upon which customer complaints shall be addressed which in any case should not be more than thirty working days from the date of reporting or lodging the complaint.
13. Reporting Requirement
Financial institutions that provide mobile and agent banking services shall:
13.1promptly report to the National Bank any suspected or confirmed cases of fraud, major security breaches, any material service interruption or other significant issues; and
13.2submit to the National Bank information related to the services as specified under Annex II, Annex III and Annex IV of these directives on quarterly basis within three weeks from the end of each quarter.
14. Effective Date:
These directives shall enter into force as of the 1st day of January 2013.