Based on my experience, here are five of the most common mistakes when telcos seek to assure their mobile money services.
1: Working in Silos
Some operators (still) rely on silos to assure the risks surrounding mobile money. The different teams monitoring the mobile money service can include Revenue Assurance, Fraud Management, Anti-Money Laundering, IT Security, Compliance, Privacy, Regulatory and Internal Audit. It is paradoxical that while a major part of the concept of assurance is to detect dangers arising from working in silos, assurance teams themselves can fall into the same trap. If the RA team and the Fraud Management team report to a different line, it is possible that some issues which are best addressed jointly will only be tackled from one angle.
Consider an IT weakness on the mobile money platform which has been detected by the IT Security team and treated within the IT department alone, yet the same issue could have resulted in fraud or it could have led to a breach of subscriber data, hence resulting in a regulatory non-compliance. By not having the relevant teams notified, the matter will be treated purely as a system issue. The ramifications are clearly wider than IT and if it recurs, the operator may not be lucky the second time.
Remedy: It is not necessary for all teams that have a hand in assuring mobile money to report to one function or the same executive, although some operators have implemented this model. However, wherever these teams sit and whatever their reporting lines, they should maintain formal and informal engagement processes that allow them to share their scope, the issues they come across and the improvement initiatives they are driving. This needs to be a regular process and is especially crucial when key changes are happening in the mobile money systems and/or processes.
2: Excessive Overlap
A healthy amount of overlap helps telcos because a control monitoring failure/delay in one assurance team can be saved by another team. For example, the RA team may be assuring commissions on a shorter frequency and Internal Audit, as part of the semi-annual audit plan, would also look at the controls surrounding this critical process. Likewise, the Fraud Management team may have an alert for a situation that would also be detected through a Revenue Assurance reconciliation. However, beyond a certain level of overlap, expensive resources start being misused. The expertise in various areas is scarce and it is better used in complementing between the teams as opposed to duplicating task for task.
Remedy: Ensure the heads of the various assurance teams have a regular joint review of their operations and use it to align their scope. Additionally, to the extent possible, the reporting of issues and ownership of closure initiatives should be channeled to a central executive sponsor who would then spot excessive overlap and arbitrate in demarcating responsibilities if necessary.
3: Weak Vendor Management
The roadmap for mobile money can sometimes fall into disarray. Mobile money systems are not as ‘settled’ or standardised as traditional telco systems. This is understandable. Mobile operators are constantly making changes in the mobile money systems to react to competition, deploy new services or integrate to new partners. The vendors who are supplying or supporting these systems may not always move with the same rhythm and hence there is the potential for mistakes, blame-games and even financial loss.
Remedy: Avoid problems by focusing on proper vendor engagement, the definition and enforcement of SLAs, and joint ownership of the product roadmap. The operator and vendor need to have a common understanding of the systems evolution roadmap as well as how to treat ad hoc (and normally urgent) requests. There needs to be minimum set of standards that must be met in deploying each change and deviation. The vendor must be able to demonstrate an internal process of assurance that ensures quality in deliverables. This is not a task that can just be left to the operator.
4: Inadequate Resourcing
Mobile operators face financial pressures. Revenues are not growing fast and some have flat-lined. The pressure from shareholders is not relenting. Operators thus have to do more with less. The mobile money segment, despite appearing to hold the prospects of growth, is also subjected to the same budgetary cuts and pressures. This has a direct consequence. The people assuring mobile money, be they in RA, Fraud Management, IT Security etc have a myriad of other systems and processes to review. They are stretched thin and it is only a matter of time before an embarrassing situation arises.
Remedy: Conduct a resource audit and determine the adequacy/inadequacy of the resources assigned to mobile money assurance. The findings should be owned by the executive team and if necessary, the audit and risk committee should be briefed.
5: Poor Engagement with Other (External) Players in the Mobile Money Service Path
There are many businesses engaged in the delivery of mobile money services. For example, many banks have partnerships with mobile operators. Some elements of the mobile money system are delivered through inter-vendor partnerships. The distribution channel is managed through agents. Utility payments/collections accounts on the mobile money platform belong to corporate entities and there are also interfaces to third party systems in order to deliver payments integration. Likewise, some countries have mobile money interoperability where mobile money can be sent from operator A to operator B – and this can also occur across national borders. In short, there is a multitude of partnerships at play. Working with others requires identifying (jointly) the risks that exist in the arrangement and the requirements that should be satisfied in order to ensure overall integrity of the process and systems. Unfortunately, this seems to happen mostly after a problem has been identified, and not as a proactive approach to preventing problems before they occur.
Remedy: To achieve effective collaboration, it is important to move beyond contractual agreements and maintain full engagement through meetings, conference calls, sessions to share lessons and joint trouble-shooting exercises. Then each party will understand what they bring to the table when a certain area is being addressed. These engagement sessions need not be held only when an issue has arisen. Rather, they should also be opportunities to celebrate achievements, anticipate future challenges and chart the inter-team approach.