Policy Directions for a Modularised and Well-Functioning Financial System

By Deepti George, Dvara Research

In our concluding blog post in the series on the conference we recently hosted, we attempt a synthesis of the big pertinent questions that emerged from the discussions.

The Conference noted that in financial regulation, there are certain non-negotiable principles from a regulator’s point of view namely: financial stability, AML (Anti-Money Laundering) requirements, customer fair practices, depositor protection, and institutional neutrality. However, flexibility is afforded for aspects such as micro-prudential regulations, activities undertaken, product types, ownership rules and customer interfaces. These would apply to the modular world just as it did for the non-modular world even while there was acknowledgement that the former is exposed to a whole new set of risks as elucidated in the previous posts. Currently, in context of financial products, Indian regulations employ a range of tools designed to protect consumers ex-ante, such as product design regulations, disclosure and incentives regulations and codes of conduct. However, with respect to consumer data, limited and ineffective regulations exist, driven by the Information Technology Act 2000[1] and with additional limited data protection regulations prescribed by each financial sector regulator.

We discuss below the broad themes that emerged from the Conference and which would benefit from further exploration both in terms of research and policy priorities:

1. How do we design strong data protection regulations in financial services?

The protection of individuals’ privacy is a policy goal as important as financial inclusion. It was noted that privacy harms tend to be of a permanent nature and cannot be undone, therefore deferring them to later may not be the best policy response.

The sessions discussed regulatory mechanisms to protect consumers from data harm. While India’s data protection legislation is still in the making, most of the principles of existing data protection regulation are founded on the “notice” and “choice” model. They were created for the use case where the data subject was physically handing her data over to the processor, with complete awareness of the content of data and the purpose of its collection, and she could exercise control over how much information she shared with the processor. However, there is growing consensus this model has become ineffective due to various reasons. In order to improve the data protection regime, there needs to be more research conducted to understand how individuals’ valuation of privacy needs to inform policy discourse. Unfortunately quite often this involves presenting dire trade-offs to consumers.

Therefore, more nuanced ways of framing questions around the value of personal information need to be designed.

  • How should the regulator design incentives for markets to adopt privacy enhancing techniques like privacy-by-design or privacy-by-default?
  • How does the financial regulator create greater standards for transparency and accountability in a modular financial system?
  • What are categories of data that firms engaging in financial services should not be allowed to collect or use for the design and delivery of products?

The Conference discussion predates the Supreme Court of India’s judgment[2] recognising a fundamental right to privacy guaranteed to all Indians[3], as well as the Report of the RBI Committee on Household Finance and the White Paper of the Committee of Experts of Data Protection, both of which underscore the importance of a robust framework for data protection.

2. How do we strengthen market conduct regulations in a modular financial system?

Conduct regulations have focussed on training, and adequate disclosures at the point of sale. There was broad recognition that current mechanisms have minimal efforts directed towards systematic detection of conduct violations. The use of disclosure was very important as a regulatory tool to achieve a “Do No Harm” outcome for the customer. However, it is perhaps a mediocre or even too low a bar to set for ourselves in terms of what financial services can achieve for the end customer. Even if customers may on average ‘learn’ to choose good products for themselves, those who cannot fend for themselves, ie, the ones at the ‘tails’ in the distribution are important from the point of requiring regulations to be protected. At the other end is ensuring that customers get provided with products that are ‘optimal’ for their financial lives. Aiming for a middle ground between these two extremes would be a good target to work towards for the financial sector. With the proliferation of different mediums and channels to engage and provide financial services, and the emergence of multiple players seated within each product delivery channel, there was a strong sense that the relevance of existing conduct regulations needed to be strengthened significantly.

However, market conduct does not have separate treatment by regulators, with the focus being on supervision of micro-prudential requirements, besides the extensive and wrongful prescription of such requirements to fix consumer protection problems. Existing market conduct regulations are most likely observed in institution-specific or product-specific or distribution channel-specific Fair Practice Codes rather than them being function-specific (such as for credit, insurance, savings and deposits, payments, investments, pensions), leading to regulatory arbitrage opportunities for market participants to tend towards setting up businesses under licenses that afford laxer regulatory treatment. This can be both between regulators as well as between different licensing arrangements or product-level regulations put forward by the same regulator. Therefore, the overarching question would be

  • What are conduct regulation tools that can be used in addition to the disclosure and consent model to ensure protection against unsuitable sale for the consumer?

The emergence of a modular financial system further exacerbates misconduct risk, as described in previous sections, and raises questions on assignment and enforcement of liability in the case of misconduct.

  • Are liability regimes feasible regulatory responses to the Modularisation in financial services? If so, how can we change the legal infrastructure to support the creation of a meaningful liability regime?

3. How do we design necessary and sufficient micro-prudential regulations for new entrants?

The application of the micro-prudential regulations has to be designed in a way that it minimises regulatory arbitrage between institutions providing similar functions such that it promotes competition between institutions. For example, it is worth questioning whether the micro-prudential tool of licensing in itself is required for all the different types of modular institutions described in the previous section. More efforts need to identify the principles that will further decide the regulatory requirements that will serve as ‘entry barriers’ to ensure viability and orderly development of firms and their ability to keep promises to their customers regarding the levels of business proposed by them when beginning operations.

Most modular entities can be summarised to fall into either of two buckets: Distributors and Manufacturers. Market conduct regulations would have to be applied in the case of any firm in the business of distribution in order to ensure to protect the consumer from the harms defined. Differential application of prudential regulatory tools would have to be applied based on the level and types of risks that are being housed by the firm. Micro-prudential regulations should be designed to maintain a pre-defined target probability of failure of regulated institutions. The smooth functioning of the resolution infrastructure of the country and the success of the IBC and the FRDI Act would be key to achieving this. The introduction of risk-based pricing of deposit insurance, which is yet to become a reality in India, would continue to be a bottleneck to achieving efficient resolution of banking institutions.

4. How do we improve ex-post consumer grievance resolution in a modular financial system?

Current architectures in financial services entail enforcement of customer protection primarily through ex-post grievance redressal mechanisms for each regulator and regulated institution type (case in point being there being no Ombudsman for complaints against NBFCs), and consumer protection forums/ courts. To the extent that systematic mis-selling or unfair contractual treatment of consumers goes undetected by consumers themselves, there are limited[4] supervisory efforts towards information gathering and analysis of conduct of financial services providers that is sufficient to serve as deterrent to institutional conduct malpractices. Depending on whom the duties to take enforcement measures exist, such powers are either not strong enough to have adequate teeth or have not been exercised in a strong manner (as is currently being exercised for prudential regulations).

The unified consumer redress of the Financial Redress Agency (FRA)[5], by design, provides a good solution to these problems above and needs implementation focus. Taking the redress function out of the regulator’s day-to-day focus can help the regulator focus and strengthen core functions using feedback from the FRA. Further,

  • How can technology be leveraged effectively to capture, channel and resolve consumer complaints, and be put to use by individual institutions and as supervisors?

The major challenges in order to collect consumer grievances were identified such as limited accessibility provided to grievance collection points, lack of transparency on the actions taken on the grievance and its eventual resolution. Some cases of using technology to resolve these issues were highlighted.

The firm that interfaces with the consumer would play the most important role in ensuring the resolution of the complaint. It would be the responsibility of the platform, for instance such as BankBazaar, to notify the relevant third party firm or manufacturer responsible for the processing of the payment or settlement of the insurance claim. However, there needs to be a lucid framework to assign liability across all the entities involved in the transaction.

5. How do we accurately measure systemic risk in a modular world?

The Conference saw a debate around whether or not Modularisation of financial services would indeed contribute to existing levels of systemic risk. There was broad consensus that, many of the functions that the new entrants are fulfilling do not particularly change the location of risks. Modularisation has enabled multiple access points for access to financial products. Given the increase in the number of firms providing more customised products, especially credit, there was a discussion around whether the increased number of originators would increase or decrease the concentration risk to particular customer segments. The larger question is on how the supervisory authority would effectively identify the sources of contagion risk and be able to measure systemic risk in a modular world.

The full Conference Proceeds can be accessed here.

[1] For a discussion on the efficacy of the Information Technology Act in the context of financial data, please see Electronic Financial Data and Privacy in India, IFMR Blog, December 23, 2016 (http://www.ifmr.co.in/blog/2016/12/23/electronic-financial-data-and-privacy-in-india/)

[2]  Justice Puttaswamy & Anr v. Union of India & Ors, ALL WP(C) No.494 of 2012 (http://supremecourtofindia.nic.in/pdf/LU/ALL%20WP(C)%20No.494%20of%202012%20Right%20to%20Privacy.pdf)

[3] A summary of the judgement and its relevance can be found at The Right to Privacy Judgment: Initial Reflections on Implications for Digital Financial Services, IFMR Blog, August 25, 2017 (http://www.ifmr.co.in/blog/2017/08/25/the-right-to-privacy-judgment-initial-reflections-on-implications-for-digital-financial-services/)

[4] A Brief Comparison of Ombudsman Frameworks, IFMR Blog, April 10, 2017 (

[5] Report of the Task Force on Financial Redress Agency, Government of India (http://dea.gov.in/sites/default/files/Report_TaskForce_FRA_26122016.pdf)


Customer Centricity Challenge

In February 2018, CGAP, SPTF, Leapfrog and Dvara Trust (formerly IFMR Trust) are organising a learning event on customer centric business models in Mamallapuram, Chennai, India. The event titled “Customer Centricity: Enabling Financial Choices and Positive Outcomes for Low-Income Customers” is intended to influence financial service providers, investors, and policymakers to adopt a business model that is based on understanding and serving the unique and diverse needs of low-income customers.

As part of the event, we are inviting entries for a contest on customer-centric business practices. The contest is intended to give financial service providers that have implemented innovative customer-centric solutions a platform to share their journey and ideate with key stakeholders from the sector. Winning entries will be showcased at the event that will also host donors and investors.

More details about the contest can be found here. The last date for receiving entries is Dec 8, 2017.


Concerns for Prudential Regulation in a Modular Financial System

By Nishanth K, Dvara Research

This post is part of our blog series on the Conference on Designing Regulations for a Rapidly Evolving Financial System hosted by Dvara Research.

In the previous blog post, we discussed about existing and new kinds of harms to consumers in a modular world, and consequently the need for consumer protection regulations to be strengthened in tandem with the trend of “Modularisation” in the financial system. This post deals with the concerns for prudential regulation in a similar environment.

Prudential regulation is commonly understood as capital regulation – regulation that requires firms to maintain adequate capital resources to ensure that there is no significant risk that its liabilities cannot be met. The primary function of a prudential regulatory framework, however, is to impose well-defined conditions for entry and propagation of activity by firms in the financial system. This should be done in such a way that there is a stable relationship between promoting competition and preserving consumer welfare and systemic stability. From the regulatory perspective, it is important that regulations are applied in a manner that is function-specific and institution-neutral in order to make sure competition in the market is sustained. Taking the example of credit intermediaries, several institution-types come to mind, that provide the function of credit intermediation, such as banks, NBFCs, and even Telecom companies through Direct Carrier Billing, and yet the manner in which some of the micro-prudential rules have been designed so far are inadvertently skewed against smaller institutions and certain institution-types.

Existing micro-prudential regulation design may provide an uneven playing field between incumbents and newer market players

Micro-prudential regulations typically concern with achieving a pre-defined target probability of default of regulated firms. The ‘probability of failure’ of firms is to be regulated, and the role of regulation is not to bring down the failure probability to zero but to make sure that the market is protected from unstable institutions while at the same time remaining competitive. Given that NBFCs are an early example of dis-intermediated institutions, it is important for us to consider the current regulatory landscape of NBFCs and understand anomalies if any. For example, Non deposit taking NBFCs (NBFCs-ND) provide credit intermediation functions similar to that of a bank without the acceptance of deposits. However, it has been the case that NBFCs have been prescribed capital requirements higher than those of banks. The design of these high capital requirements for NBFCs has been rationalised, for the most part, by the following:

  1. To protect the depositors of banks and the other creditors of the NBFC from the usually high levels of concentration risk.
  2. To compensate for the “lower touch”[1] regulations with regard to market conduct and consumer protection

In this case, the regulator should instead consider strengthening banks’ ability to assess the risk of lending to NBFCs and encourage risk-based pricing of funds as required. Stronger consumer protection and conduct regulations have to be developed and sufficient regulatory capacity should be created to enforce them instead of the ostensible use of micro-prudential regulations to solve a consumer protection problem. These high capital requirements have resulted in negative implications for the sector such as restricting credit growth and higher interest costs for consumers. It has also created an anti-competitive environment for NBFCs.

Existing regulatory frameworks may not completely capture new modular firms

Powerful tools such as licensing would need to be carefully applied as it can serve as the most critical barrier to entry. Regulatory framework should avoid taking a central planning approach while designing regulations for these newer entities with non-traditional business models. Regulatory design should consider whether the exact function of the modular firm justifies a need for regulatory oversight and if so, what the optimal channel to apply regulations is. Policy makers should not be considering details of or interfering with the kinds of business models as well as product-designs that should exist for the customers.

An instance of this is the regulation for Small Finance Banks (SFB) requiring them to originate 75% of their assets as Priority Sector Loans (PSL), a case of the regulator deciding the business models of regulated entities. The Revised Regulatory Framework for NBFCs[2] released by the RBI discusses the pre-conditions for the application of Prudential and Conduct Regulations. It is noted that prudential regulation, more specifically capital regulation, would apply to any NBFC that has access to public funds[3]. Conduct regulations would apply to any NBFC that has a consumer interface. This framework could be used as a base to identify the newer types of firms that would require prudential regulations. In many cases, the modularised entity providing an essential function while working with a bank or NBFC is covered by third party guidelines[4].

Measuring systemic risk becomes harder in the case of Modularisation

With the increasing number of participants in the financial services sector, and the increasing ease of manufacturing and delivering customised credit products for customer segments, it is likely that this could lead to a rapid expansion of credit in the economy. The increase in the availability of cost-effective delivery channels and better data-driven credit assessments might encourage lenders to concentrate on certain segments. It is likely that there is high concentration risk in particular customer segments such as urban salaried class who are currently experiencing the benefits of increased access to credit.

It could also be argued that the effects of Modularisation could bring down systemic risk as it would encourage lenders to diversify to segments that were traditionally neglected due to the lack of under-writable information. For example, better data driven credit assessments may be available on SMEs which may encourage banks and NBFCs to lend more to these segments. Hence, Modularisation could have an indirect positive or negative impact on systemic risk. It is important to now place special emphasis on employing tools to measure and understand systemic risks in the modular world.

It is thus evident that modularisation is going to have a significant impact on both micro and macro prudential risk in the financial system. Regulators would need to proactively anticipate these risks and design regulations accordingly.

In the concluding post of this series, we outline and briefly discuss the academic and policy research questions that emerged from the deliberations of the conference.

[1] Review of NBFC Regulatory Framework – Recommendations of the Working Group on Issues and Concerns in the NBFC Sector (https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=2619)

[2] Revised Regulatory Framework for NBFCs, 2014, Notification, Reserve Bank of India (https://rbi.org.in/scripts/NotificationUser.aspx?Id=9327)

[3] ibid


Privacy on the Line: What do Indians think about privacy & data protection?

This post is authored by the Future of Finance Team at Dvara Research.

We met Sulekha[1] in a village in Uttarakhand. She was talking about the information she considered most important to her: her ration card, Aadhaar card, NREGA job card and her phone number. When asked how much she would sell this information for, she visibly withdrew saying she did not want any money for it. What would she need to share this information? She replied simply: a guarantee that it would not be misused.

Sulekha was one of the 50 people we spoke to as part of a small, deeply qualitative study on which the Future of Finance Initiative (FFI) at Dvara Research partnered with Dalberg Design and CGAP. We set out to understand: ‘how do ordinary citizens of India think and act on their privacy and data protection?’ Across four regions of the country (Maharashtra, Uttarakhand, Tamil Nadu and Delhi) we used the Human Centred Design (HCD) method to have discussions to understand not just what people say, but how they think, act and feel. The final report on the study is available here.

Our conversations in the field revealed that contrary to common perception, people in India care deeply about their personal data and privacy. Respondents were surprised that service providers could share their personal information with third parties and wanted to be informed of such sharing. People were also sensitive about sharing their personal data such as photos, messages and browsing histories—even with their family—and were unwilling to sell certain types of personal data like their telephone numbers.

Even the data that they were willing to share in order to receive services came with conditions. People wanted to know how their data was handled. They also, much like Sulekha, wanted an assurance from providers that no harm would come to them through the use of their data. Many of the interviewees recognised their inability to understand standard notice clauses and wanted more visual forms of consent that they could easily understand without relying on others.

Alarmingly, most interviewees had experienced fraud (especially via phone impersonators), and did not know how to protect themselves or seek redressal. Women, in particular, were highly vulnerable to reputational harms, and self-censored themselves (for example by not sharing phone numbers or photos) to protect themselves.

Although the government and its institutions inspired universal trust, people working in government institutions were not trusted with personal data – unless the employees came from the same community group or geographic area. Agents of banks and mobile network providers were also recognised as common perpetrators of illicit disclosures of personal data.

In cases where harm was caused to them as a result of a data breach, the respondents wanted easy access to seek redressal, and wanted to be compensated fully.

We heard individuals asserting their right to have their personal information treated responsibly. They indicated clear and strong preferences for a system that provides them agency and control over their data. Citizens at the grassroots want a data protection regime where providers are held accountable and are obligated to treat personal data responsibly.

You can read the full report here and watch the below video on the study.

[1] Name changed. Note: The details of the respondents in the main report were included with their permission and after informing them that a report would be released on this topic.


Conversations with the newly banked in Indian cities

By Bindu Ananth

Initially, Kanhaiya[i] was wary of speaking to us. He was clutching his wallet tightly and declared upfront that he would not be showing us his ATM card. As we spoke more about his journey as an agriculturist in a small village in Madhya Pradesh to a plaster of Paris contractor in Ghaziabad, he started opening up. He told us about the many times he didn’t get paid for his work but this one time, he was so angry that he destroyed his own creation. More recently, his ATM card had broken and when he went to the branch to withdraw cash to pay his workers, he was refused because his signature didn’t match. While he is waiting to be re-KYCed, he has taken a loan to make payments to his workers. He resignedly concluded to us “dhokha bahut hota hai”. Before he left us, he made us write down on a chit of paper “Recurring Deposit”. He wanted to take it to his bank to ask them how he could open one of those things for his 2 year old daughter.

We met Salim in a cramped room in Tughlakabad, Delhi where he was executing an elaborate design on a bridal lehenga. He lives and works in this room with eight others. His family lives in Nawabganj village of Bareilly. He used to work in a company previously but left because he felt disrespected. When we ask him about how he plans his finances, he laughs and says “only rich people can plan their money”. He talks about losing savings balances to minimum balance fees and not being disciplined enough to sign up for chit funds that many of the other workers are a part of.

Dinesh Gowda moved to Bangalore from Mysore three months ago armed with a Bachelors in Mechanical Engineering degree and found a job at a metallurgical unit, earning Rs. 15,000/month. He spoke to us passionately about starting an auto-parts business back in Mysore after a few years of acquiring skills & experience. His brother-in-law is his money manager. He withdraws his entire salary from his bank account every month, hands it over to his brother-in-law every month and receives a fixed allowance for expenses. We met him around Diwali and he was waiting to get his allowance to buy gifts for his parents and sister back in Mysore. When we asked him how he felt about this arrangement, he shrugged and said, “family knows best”.

Our[ii] conversations with Kanhaiya, Salim and Dinesh were part of a series of 100 + interviews across Mumbai, Shimoga, Bangalore, Chikmanglur, Kochi, Thiruvalla, Delhi, Gurgaon and Ghaziabad where we tried to understand the journeys of the “newly banked”. We defined this as a category of people, who by virtue of migration from the village to the city or starting out at a new job, have recently gained access to a bank account and a smart phone. Our hypothesis is that this combination becomes an important on-ramp for the broader suite of financial services (credit including mortgages, investments, insurance) that are relevant to people. What we found on the ground for now is a dogged duality – almost everyone we spoke to had a bank account (this would not have been the case even 3 years ago) that they opened either as a salary account or to facilitate remittances in the case of rural-urban migrants, but relied heavily on the informal sector (friends, family, chits) to manage their broader financial needs.

Should’ve, could’ve, didn’t (invest)

The apparent reasons for this duality are not surprising. We consistently heard that it is difficult to scale the relationship with the bank beyond the savings account. While there is a strong desire to save/invest for long-term goals, there are no good solutions to solve for challenges around income volatility (a few people spoke to us about lapsed LIC policies due to inability to make regular payments) and behavioural aspects (illiquidity preference, mental accounting). Talking about investments evoked considerable feelings of “FOMO” amongst everyone – everyone had a sense that they may be leaving money on the table but were not comfortable approaching banks with their questions. Interestingly, there doesn’t seem to be a clear “action point” or “go-to brand” when it comes to figuring out investments, people talk about the market as a whole or in abstract concepts. A notable exception was a lady tailor in Delhi who asked us how she could get in on the Bitcoin bandwagon! By and large, LIC endowment policies are the way people invest for long-term goals. This is also true of educated, new-to-the-workforce millennials who follow parents’ advice on investments. The LIC ecosystem doesn’t seem very inter-operable for migrants. People routinely spoke about going back to their villages to make payments[iii].

We asked people specifically who they turn to for advice if they received an unexpected bonus or extra income. This always led us in the direction of some member in the extended family who was relatively speaking better-off and seemed in control of his (in all cases, a man) finances. There was blind faith in these trusted advisors. One young respondent who worked in an IT firm in Bangalore had signed up for unit-linked plans with ten year lock-ins on the advice of his uncle in Patna.

Almost everyone we met had a smartphone and was an active user of whatsapp, FB and Youtube. While the educated, urban respondents used the apps of their banks typically for checking balances and Paytm for sending friends money and bill payments; there was no dominant financial app being used in an integrated manner.

Opportunity for a new, customer-centric architecture

One upshot of all the technological innovation in finance in recent times is a significant reduction in fixed costs & entry barriers. In India, we have identity-as-a-service (Aadhaar), KYC as a service (e-KYC) and payments as a service (UPI) that is already catalyzing a remarkable number of start-ups who are specialized and are innovating at the application layer. Experts[iv] in this space have already predicted the “unbundling and re-bundling” that is likely to occur in retail financial services and the emergence of new players and value propositions. Banks are unlikely to be able to serve this newly banked customer base effectively given the continuing challenges with cost-to-serve. This was clear to me when I was at a panel recently with Mr. P.N Vasudevan of Equitas Small Finance Bank. He noted that their liability customers are completely distinct from their credit customers because of the need for minimum balances in the former and this is a bank whose ethos is deeply about frugality and has a ready base of millions of micro-customers.

The early wave of business models among fin-techs, however, continues to be product-driven (digital credit, digital investment platforms) while leveraging the digital infrastructure for efficiencies. However, for the generation of customers who are new to the formal system, the product lens is not intuitive and often, drives them back to familiar arrangements of friends and informal channels.

In our view, what would be transformative is a proliferation of segment-specific (students, free-lancers, migrant) interfaces and solutions that enable the on-ramp from the bank account to the broader universe of financial services. Automated savings apps such as Digit are a good example of this. A deep understanding of the needs of the customer, converting that into a meaningful and trusted solution and getting interface design right will matter a great deal. Building trust is also obviously a big factor when going beyond credit and small-value payments. Despite poor service and experiences, people repeatedly go back to Public Sector Banks and LIC because of the sense that their money will be fundamentally in safe hands[v].

Watch this space for further updates on our own work on this front.

[i] All respondent names have been changed

[ii] This is joint work by Dvara Research and Pensaar Design. A lot of my thinking on this topic was triggered during a recent stint as an entrepreneur-in-residence with the Omidyar Network

[iii] One merchant we met told us that LIC APIs are not available for integration with third-party platforms such as remittance service providers.

[iv] https://www.omidyar.com/blog/now-fintech-has-unbundled-our-financial-lives-can-it-re-bundle-them

[v] Separately, the virtue of Public Sector Banks being focused on providing access to savings and term deposits and limiting the asset side of their balance sheet to rated debt securities and government securities (https://www.bloombergquint.com/opinion/2017/10/09/do-indias-weak-banks-need-a-stronger-dose-of-corrective-action) needs to be seriously explored.