• E-money is defined as a store-of-value product with the following characteristics: (i) It is a digital representation of a fiat currency (legal tender); (ii) it is a claim against the provider; (iii) it can be redeemed at face value on demand; and (iv) it is accepted as a means of payment by persons other than the provider. In many contexts, it is also referred to as “mobile money”.
  • E-money is often referred to as the ‘first wave’ of digital financial inclusion.

Fraud or other misconduct

RisksPossible regulatory approaches
  • Internal fraud by staff / agents / service providers.
  • External fraud by third parties.
  • Other misconduct by agents – deliberate or inadvertent.
  • Providers may seek to disclaim liability for the acts or omissions of their agents, and:
    • Agents may not be able to deal with the issue or might not have sufficient resources to compensate consumers.
    • There may be further complications in allocating liability where an agent acts for more than one provider.

Provider risk management:

  • Require licensing / registration of all e-money providers.
  • Assess fraud risk management systems.
  • Assess skills / qualifications / integrity of directors / senior management.

Agent risk management:

  • Mandate clear agent due diligence / agreement standards.
  • Require publication of lists / registers of authorized agents.
  • Require agents to display evidence of authorization.
  • Require agents to be trained / monitored.
  • Prohibit charging of fees by agents. See Country Example

    Ghana specifically prohibits agents from charging a fee beyond that charged by the principal.

  • Ensure supervisory powers in relation to agent networks. See Country Example

    Ethiopia also sets out the supervisory powers of the National Bank of Ethiopia in relation to agent networks.

  • Require agents to have business permit / other qualification. See Country Examples

    Kenya’s National Payment System Regulation provides that a person cannot be appointed as an agent or a cash merchant unless the person has a registration, business license, or permit covering their commercial activities. Singapore also requires agents to be licensed (which is quite onerous).

  • Consider risks with remuneration arrangements and mis-selling.

Transaction authentication:

  • Mandate strong transaction authentication standards (for example, 2 factor). See Country Examples

    European Union’s PSD2 requires “strong customer authentication” when a transaction is initiated. The definition of this term in effect contemplates two-factor authentication, requiring the use of two or more independent elements categorized as knowledge (something only the user knows, such as a PIN) and possession (something only the user possesses) and inherence (something the user is). The EBA has expressed the view that inherence, which includes biological and behavioral biometrics, should “relate to physical properties of body parts, physiological characteristics and behavioral processes created by the body, and any combination of these.”

    People’s Bank of China’s Measures for the Administration of Online Payment Business of Non-Bank Payment Institutions allow use of one or more of three specified authentication standards; the specified transaction limits depend on the standard(s) chosen.

Liability for fraud:

  • Limit consumer liability for unauthorized transactions (for example, no / limited liability unless user fraud or gross negligence).
  • Expressly mandate provider liability for staff / agents / service providers.
  • Put burden of proof on provider to prove consumer liability. See Country Examples

    Ghana: Providers are usually required to accept responsibility for their agents, including (in some cases) even if actions are not authorized - liability applies in respect of the “agency business”, even if not authorized.

    Kenya only imposes liability for the actions of an agent within scope of the agency agreement, although the agency agreement cannot exclude a provider from liability.

Consumer education / advice:

  • Require consumers to be educated as to fraud risks, need to keep PIN etc. safe and to promptly report any suspected unauthorized transactions.
  • Require consumers / regulators to be advised of suspected fraud.

Platform / technology vulnerability

RisksPossible regulatory approaches

Although unreliability and vulnerability risks have always existed in the context of e-money systems, the scale of the risks and the potential for loss is rapidly increasing with the rise in e-money accounts and the number and value of transactions.

If e-money platforms / systems do not operate as expected or are vulnerable to threats, consumers are at risk of loss, inconvenience / other harms.

Types of consumer losses: general inconvenience; time lost; loss of data integrity; uncertainty as to whether transaction has been completed leading to doubling – up of transactions; penalties for example, for late payments; utilities being cut off.

  • Mandate technology measures for example, to ensure integrity, effectiveness, security of systems and system audits.
  • Mandate e-money / payments systems cover operational reliability risks for example, business continuity, disaster recovery, back-ups. See Country Examples

    Kenya’s National Payment System Regulations require measures to ensure “operational reliability of the service including contingency arrangements.

    Ghana’s Payment Systems and Services Act requires an e-money issuer (or a payment service provider) to ensure ““high quality performance of at least 99.5% service availability and accessibility”.

  • Require regular reports to regulator on these systems.
  • Require notice:
    • To users of anticipated / actual service interruptions.
    • To regulators of major operational / security incidents.
    • Make payer institution liable for incomplete transactions.

Mistaken transactions

RisksPossible regulatory approaches  
Mistakes in this sense are a human error issue rather than fraud. Mistakes are especially likely with consumers who are new to financial services and not used to using their mobile phones to conduct financial transactions. The potential scale of the risk is of concern as mobile money services expand. Transaction mistakes (for example, wrong account number) may result in misdirected funds which are difficult to recover. It may be caused by users (for example, because of confusing interface) or by agent assisting user.
  • Require provider to assist in resolving a mistake. See Country Examples

    Where a user claims that a transaction was not properly executed, the European Union’s PSD2 puts an onus on the provider to “prove that the payment transaction was authenticated, accurately recorded entered in the accounts and not affected by a technical background or some other deficiency of the service.”

    Australia’s ePayments Code also puts an onus on the provider to assist the user in the case of a mistaken transaction.

  • Put onus on provider to prove transaction authenticated.
  • Require user to verify transaction. See Country Examples

    Eswatini’s Mobile Money Service Providers Practice Note requires that there must be a mechanism for the customer to verify the name and number of the proposed recipient before the transaction is finalized. Malawi has a similar requirement, but it applies only “where feasible”.

  • Explain how to stop a transaction.
  • Require user interfaces to be simple and easy to use. The Better Than Cash Alliance 2016 Responsible Digital Payments Guidelines (BTCA RDP Guidelines) recommend such an approach. The CGAP 2016 Smartphones & Mobile Money Principles for UI/UX Design also propose 21 principles for the user interface / user experience design in the context of mobile money.

Provider insolvency or illiquidity

RisksPossible regulatory approaches
  • Provider insolvency with available funds insufficient to pay e-money balances.
  • Provider / agents do not have enough liquid funds to meet day to day demands, especially for cash - outs.

Require provider to isolate and ring-fence segregated / unencumbered funds equivalent to outstanding balances:

  • Common requirement: funds to be held in trust account or equivalent in one or more prudentially regulated banks.
  • Another option: hold government securities or other secure investments.
  • Another option: private insurance.
  • Rules may be less onerous for prudentially regulated bank issuers of e-money. See Country Examples

    Multiple banks: For example, Kenya’s National Payment System Regulations provide that if the relevant amount is over K Sh 100 million, then the funds must be held in a minimum of two “strong rated banks” with a maximum of 25 percent in any one bank. Malawi’s Payment Systems (E-Money) Regulations state that only 50 percent of trust funds may be maintained with a single bank at any one time.

    Application of rules to non-bank issuers: Banks may have lesser obligations (presumably because of the prudential regulations that apply to them). For example, under Tanzania’s Payments Systems (Electronic Money) Regulations, banks and other financial institutions that are e-money issuers have to open a “special account” to maintain funds deposited by non-bank customers issued with e-money, whereas other e-money issuers must maintain these funds in a trust account maintained by a separate trust entity.

    Insurance: EU’s PSD2 provides two options for safeguarding funds: (1) to keep funds matching outstanding balances in a separate account in a prudentially regulated credit institution or invested in secure, low-risk assets as defined by a member state, or (2) to cover the outstanding funds with private insurance from an unrelated insurer or credit institution that is payable if the e-money issuer is unable to meet its financial obligations.

Restrict activities to e-money services See Country Examples

Many countries and regions have such requirements, including the European Union, Ghana, Malawi, Malaysia, and Singapore.

Require e-money issuers to be in a separate subsidiary / business unit. The subsidiary requirement has been endorsed by the Bank for International Settlements’ Basel Committee on Banking Supervision in 2016. See Country Examples

The Philippines provides that non-bank providers may provide e-money services only through a separate entity incorporated exclusively for that purpose. In contrast, Kenya’s National Payment System Regulations provide for a payment service provider to separate its payment services in a separate business unit with a separate management structure and books of account.

Require liquidity to be maintained by providers / agents See Country Examples

Malaysia’s Guideline on Electronic Money requires issuers to ensure that they have sufficient liquidity for their daily operations. Malawi also requires that e-money service providers ensure that their agents maintain sufficient liquidity to honor cash-out obligations to their customers.

Impose initial and on-going capital requirements:

  • Rules may vary depending on whether provider is a bank / non – bank; size / scale of business and nature of activities.
  • Regulator may have ability to vary requirements. See Country Example

    Malaysia’s Guideline on Electronic Money is to the effect that issuers of “large e-money schemes” are required to maintain unimpaired shareholders’ funds of Malaysian Ringgit (RM) 5 million or 8 percent of the monthly average of their outstanding e-money liabilities over the last six months, whichever is higher. These rules apply only to issuers that are not licensed under Malaysia’s Banking and Financial Institutions Act of 1989, the Islamic Banking Act of 1983, or the Development Financial Institutions Act of 2002. A “large e-money scheme” means a scheme with a purse limit exceeding RM 200 and outstanding e-money liabilities for six consecutive months of RM 1 million or more.


E-money is not redeemable for face value

RisksPossible regulatory approaches
Consumers wanting to redeem their e-money balances may face the unexpected risk of providers withholding a portion of those balances (in addition to fees).

Mandate that providers allow e-money balances funds to be redeemed at face value (sometimes referred to as “par” or equivalent value). See Country Examples

This requirement applies in a wide range of jurisdictions, including Afghanistan, the European Union, Ghana, Kenya, Malawi, and the Philippines. For example, Malawi’s Payment Systems (E-Money) Regulations provide that e-money must be issued and redeemed in Malawi kwacha as legal tender and redeemed for face or par value.


Consumers are not provided with adequate information

RisksPossible regulatory approaches

Disclosure related risks arise from:

  • Technological interface (small mobile phone screens).
  • Inability to retain information for future reference (for example, with feature phones).
  • Speed of transmission (no time to read or understand disclosures).
  • Consumers feel they have no choice but to accept product (for example, to receive cash transfers in Covid-19 crisis or other emergency).
  • Low levels of financial / digital literacy.

Poor up-front disclosure practices lead to:

  • Poor understanding of product features, costs, terms
  • Inability to compare products.

    Consumers may choose products that do not meet their needs and incur costs that could have been avoided. This may lead to low usage levels of the product in question and ultimately low levels of trust in at least e-money products and perhaps more broadly.

Limited ongoing account information may mean difficulty in:

  • Identifying fraudulent / mistaken transactions.
  • Household budgeting / small business management.
  • Checking on fees charged.
  • Pursuing complaints / disputes.

    Consumers may only have a limited time to make a complaint about a transaction and if they do not get a receipt / account statement then they may miss the opportunity to make a complaint.

Failure to notify changes may mean not aware of: For example, increased fees or intent to withdraw / suspend product.

  • May mean consumer is not aware of increased fees or more onerous terms or intent to withdraw or suspend product.

    Consumers would accordingly not have information to close / switch accounts or to make payments for services by other means (for example school fees / utilities.

Disclosure format / language risks

Misleading marketing risks: Providers may fail to disclose or may be misleading about key product features, transaction fees, minimum balances, or monetary limitations on usage.

Upfront disclosures:

  • Require compliance with overarching transparency principle.
  • Require disclosure of terms and conditions and fees (both very common). See Country Examples

    European Union’s PSD2 requires the disclosure of information about framework contracts for payment services; the requirements apply to contracts for e-money services. Other examples are in the regulatory frameworks in countries and regions as varied as Australia, Ethiopia, Indonesia, Kenya, and Nigeria.

    Eswatini, the European Union, Kenya, Malawi, Malaysia, and Nigeria all provide examples. In some cases, there is a requirement to disclose fees both up front and on a transaction basis. For example, the European Union’s PSD2 requires that all charges be disclosed to the consumer before the contract is entered into and before a transaction is initiated (see also next slide). Separately, there are mandatory EU requirements for standardized disclosures of fee information on consumer payments accounts, including information about the standardized terms and definitions to be used to describe common fees and a mandatory fee information disclosure template.

  • Require terms and fees to be available through multiple channels for example, websites, agents, branches. See Country Example

    Kenya’s National Payment System Regulations require information about charges (and other terms and conditions) to be displayed “prominently at all points of service.”

  • Require written agreement to be provided. See Country Examples

    Kenya requires that a payment system provider complete a customer service agreement with every customer and that it contain specified information, including information about many of the issues detailed above. Other examples of such requirements are in China, Ghana, Malaysia, and the Philippines.

Ongoing disclosures:

  • Require issue of transaction receipts. See Country Example

    Kenya’s National Payment System Regulations require the payment service provider “without undue delay” to provide the payer with a unique transaction reference and detail of the amount, payee and their account, and the debit. The payee is also required to be given advice about the crediting of the relevant amount.

  • Require periodic statements and transaction information to be issued / made available on request. See Country Examples

    The Australian ePayments Code requires that periodic statements be provided every six months. However, these requirements do not apply to low-value facilities (with balances of no more than A$500). For such facilities, providers must give users a process to check the balance of the account as well as either a receipt or a mechanism to check transaction history

    Malawi requires that extensive transaction information be maintained and available to users.

    Bank Indonesia requires a provider to provide facilities “to allow Consumers to obtain information.” Malawi’s Payment Systems (E-Money) Regulations also require extensive transaction information to be maintained and to be available to the user. In Ethiopia at least the last 10 transactions must be online.

  • Require disclosure of fee at time of transaction. See Country Example

    Kenya provides another example of transaction-specific fee disclosure requirements, as the Competition Authority of Kenya’s 2016 rule requires that mobile financial service providers present full transaction cost information at the time of the transaction and on the same screen. Research by CGAP has suggested that this requirement has resulted in increased pricing awareness.

  • Require disclosed information be in a form that can be kept. See Country Examples

    The European Union’s PSD2 requires that information be provided on paper or in a “durable medium,” which in turn is defined as (in summary) an instrument that allows the user to store information in a way that makes it accessible for future reference. Malaysia’s Guideline on Electronic Money also requires that terms and conditions be “easily accessible” PSD2, art. 51, and, in art. 4, the definition of a durable medium.

Notice of changes:

  • Require notice of changes to terms / fees within specified time. See Country Examples

    Australian ePayments Code requires at least 20 days’ advance notice to be given of changes to fees for transactions, issuing a device or passcode, any increase in liability for transaction losses, and also changes to daily or periodic transaction limits. There are also tailored requirements for low-value facilities (those that can have a balance of no more than A$500 at any time). Otherwise, notice must be given before the change takes effect. These notices may be given electronically.

    The EU’s PSD2 requires 2 months’ notice of changes to a wide variety of terms e.g., fees / mistaken transaction provisions.

    Ghana only requires 7 days’ notice, and it may be given by SMS or any approved method.

  • Require advance notice of withdrawal or suspension of product.

Unsuitable products

RisksPossible regulatory approaches

E-money product suitability issues can include:

  • Acceptance by merchants, utilities, government agencies, consumers.
  • Availability of payments points such as agents, branches, ATMs.
  • Transaction fees and limits.
  • Interoperability.
  • Relevance to needs of target groups such as women, youth, farmers.

Product suitability:

  • Require consideration of financial objectives, situation, needs of specific consumer where personal advice is provided. See Country Example

    Australia: The statement of advice and general advice rules in Australia’s Corporations Act provide an example of such requirements. These requirements apply to a wide range of financial products and services, which could include non-cash payments products such as e-money.

Product design:

  • Governance standards: Requiring financial service providers to establish and implement clear, documented product oversight and governance arrangements overseen by senior management.
  • Target market assessments: Requiring financial service providers to undertake an assessment of the target market for which the product is being developed. There may also be a need for product testing before the product is launched.
  • Distribution arrangements: Requiring financial service providers to ensure distribution channels are appropriate for consumers in the target market for a product.
  • Post-sale product reviews: Periodically following product launch, requiring financial service providers to review a product and related disclosure materials. See Country Examples

    Countries which have product design rules include Australia, EU, Hong Kong, South Africa and UK.