Africa’s financial exclusion/divide remains wide. Two thirds of adults in sub-Saharan Africa don’t have access to formal financial services.
Arguably, Africa is narrowing the gap through effective and innovative basic technologies such as mobile money payments and transfer systems. In 2021, the mobile money ecosystem was valued at $701.4 billion, according to official data, with a total of about 621 million accounts and a customer growth of 17 per cent.
The success story of mobile money has attracted investment deals valued above $2 billion, capturing three thirds of investments in the startup ecosystem. The World Bank considers financial inclusion as an enabler for at least seven of the 17 United Nations’ sustainable development goals (SDGs).
The potential and exponential growth of the mobile money ecosystems informs the ambitious regional and domestic regulation establishing structures to further exploit Africa’s financial technology potential.
One of the things that is going to shape money remittances, payments and access to capital for small business and families is the Pan African Payment and Settlement system (PAPSS), operating under the African Continent Free Trade Area Agreement (AfCFTA). It pushes to break border barriers when it comes to money remittances and transfers.
Noteworthy, the payment and settlement systems operating under the PAPSS will have to feed on big (consumer) data to minimize financial business risks. Therefore, African Union member states will need to open up on their data sharing and transfer legislations.
Whereas the World Bank recommends standards that can be implemented in domestic laws under Bali Fintech Agenda paper, to achieve the ambitious goals under the PAPSS, there must be a regional legal instrument that sets standards for data flow and data governance at a continental level since it is one of the identified risks in the ecosytem.
The Malabo convention is a silver bullet to achieve this since it offers a sufficient balanced space for economic and data protection and privacy interests, which is key for both players in the digital and financial ecosystem. That notwithstanding, the convention has not been ratified by the required number of member states to make it operational.
Noteworthy, a half of the African states have since enacted data protection laws regulating data sharing and incorporating best practices to both protect data and privacy of consumers and the digital market without stifling innovations such as ‘reputation collaterisation’ which rely on personal data.
Personal data including financial information is creating a “gateway” to access to financial services/products including credit by relying on credit referencing and credit scoring tools enabled by collated and curated financial information.
Today in Uganda, without valuable assets but with a creditworthy reputation, families and small and medium enterprises are able to access unsecured financial facilities that would otherwise only be available to propertied individuals. However, this has been ongoing without a clear regulatory legal and institutional framework.
On October 21, 2022, Bank of Uganda issued a directive to its supervised financial institutions to transit from financial cards to National Identification numbers/cards or alien cards as a mandatory requirement under section 66 of the Registration of Persons Act, 2015; a law that establishes Uganda’s National Identification and Registration Authority, a statutory body mandated to process, issue out and manage national identification system as a way of streamlining the credit services industry.
Subsequently, the central bank updated and issued regulations on credit reference business through the Financial Institutions (Credit Reference Bureau) Regulations, 2022. This legal regime ambitiously expands the scope of credit reference bureau business in the country and enables the sharing of personal and financial information among the actors involved in providing credit facilities within and outside Uganda.
This means that there is going to be big volumes of personal data (existing on national identification systems) and financial information available to facilitate access to financial services, including unsecured loans to financial consumers in agriculture and small-scale businesses.
There are human rights concerns with this development. Whereas credit reference and scoring are fronted as enablers of access to financial products, they have the effect of exacerbating discrimination. For example, defaulters in the ecosystem may be labelled high-risk consumers, just like well performers may be labelled low-risk.
However, self-preserved persons without financial information such as financial and employment history are likely to be discriminated against since credit reference and score tools are based on the variables above.
Personal data may be procured for credit reference and scoring purposes looking at the individual’s financial history, but later be repurposed by the actors in the credit reference market to directly market credit products to consumers labeled “low risk.”
The regulations require mandatory data localization, which can only be waived with permission of the central bank. The consequence is that the regulator must redefine what informed consent is and strictly implement and enforce the principles of minimality, adequacy and accuracy, accountability and transparency, quality of information, participation and data security as safety valves against abuse of consumers’ special information.
The author is a legal tech and digital rights consultant at Enset Tech Limited
Source: The Observer