How should financial institutions approach consumer protection differently when they offer services through smartphones rather than humans?
This was the question we posed when the Smart Campaign team first started revising the standards to be applied to digital financial services, especially digital credit. We are very pleased to have launched the new Standards, their accompanying Guidance Document, and the companion Handbook for Regulators. What we didn’t expect, however, was quite how profound the differences would turn out to be. We made significant changes to the standards for all seven Client Protection Principles (the principles themselves remain the same). I want to focus here on the most fundamental: Appropriate Product and Delivery Design.
When financial service providers (FSPs) consider tackling client protection, their first thought is often, “We need a Code of Conduct!” That reflexive response shows that FSPs traditionally view protecting clients mainly through the lens of setting and enforcing boundaries on staff behaviour. And traditionally, that made sense. After all, ground zero for protecting clients occurs in the moments when they come face to face with staff. That’s when the client receives product information that is transparent (or not) and is treated (or not) with fairness and dignity. The practice of client protection has centered on defining codes of conduct, incentivising and training staff to follow them, monitoring their adherence, and applying sanctions to breaches.
When face-to-face interaction disappears, what happens to consumer protection?
When staff are not present, however, the client experience changes. On the one hand, the problem of rogue or substandard staff behaviour disappears, which is good for clients. But so does the helpful staff person who can answer a client’s questions and guide the client to the right product. With digital services, everything the client experiences is pre-programmed and embedded into the user interface upfront, before a single client has clicked on a single screen. Everything is determined in advance, through coding and algorithms, and the sequences roll along without individual human intervention.
In this setting, protecting clients is all about good design. But product and delivery design teams in FSPs include a range of people, not all of whom are traditionally alert to client protection: the IT team, the market research and marketing teams, commercial analysts, and possibly outside software developers. Team members come from different disciplines with different training and skills, and they may not even be aware of client protection principles. These teams need guidelines to assist them in integrating protections into the interfaces they ultimately design. For example, designers need to determine whether clients are likely to understand the product information they provide in a setting where they cannot easily ask questions. Those involved in market research and prototype testing need to have client protection issues in the forefront of their minds as they do their work.
To do this, they need a “code of conduct” for the design process, and that is how we think about the new standards for Appropriate Product and Delivery Design. We call the approach “Protection by Design,” taking a cue from the concept of Privacy by Design often advocated as a rubric for data privacy. Protection by Design is a vastly different approach to implementing client protection from the old codes of conduct. The focus is what goes into the product, rather than how the staff member behaves with each individual. Protection by Design focuses on anticipating the totality of needs of all clients and incorporates them right from the start.
And that brings up another profound difference between traditional client protection practice and the new standards. When the focus is on ensuring that the staff conducts successful interactions with each client, adherence is monitored on an ongoing basis through everyday work. With Protection by Design, and its focus on getting it right in advance for the whole portfolio of clients, the staff stand back and watch the machines do the work. There is no daily staff feedback to tell supervisors whether client outcomes are satisfactory. Thus, in Protection by Design, systems and methods for monitoring client outcomes – through portfolio data and direct client surveys – become essential.
We are just at the start of understanding these and other implications of Protection by Design for the practice of client protection. The Smart Campaign looks forward to engaging with members of e-MFP to build out and test robust tools that can enable the approach to be widely applied. We’d like to work out how to incorporate client input and testing during the design process, protocols for algorithm review and other facets of the new approach.
Beyond Protection by Design, the revised standards for digital financial services incorporate several other very important changes, some of which are among the hottest issues in the sector today: data privacy, data security, and the thorny question of fairness and responsibility in algorithm-based lending. The Smart Campaign will dig deeper into these issues during the coming year.
We would like to thank all those who worked with us in designing the standards, especially MFR and the members of the Fintech Protects Community of Practice. It has been a community effort.
In a world that is changing very rapidly, we consider the client protection standards to be a permanent work in progress, anticipating that they will need to be adapted as new developments in financial services occur. At this stage, our hope is that the players in the financial inclusion sector will actively promote and use the new standards to ensure that the sector does right by its clients, no matter what methods it uses to deliver its services.
We invite you to review the standards and send us your thoughts.
Photo: Will she be protected by good digital product design? A Bolivian client of BancoSol, a Smart-certified institution (source: CFI at Accion)