GSMA Mobile Money Handbook Shows Prejudice Against Revenue Assurance

How can you identify prejudice? Sometimes you discover prejudice by listening to the words people use and watching the actions they take. A prejudiced person may speak or act in a way that shows explicit favoritism. This is the easiest and safest way to identify prejudice, but prejudices can also be revealed by the omission of words and the failure to act. There are many kinds of prejudice, but few which are put on open display because most people want to be seen to be fair. This article is about professional prejudice, and how it hurts revenue assurance professionals and so ultimately hurts the communications providers and customers they are trying to help.

Suppose we watched a Hollywood television series set in a modern US city which only has characters that are white and male. The omission of black and female characters would lead many to infer some prejudice on behalf of the show’s makers, though we should still be wary of jumping to conclusions because there will be real-life locations and activities where the gender and racial mix does not represent society as a whole. I make this point to illustrate the professional prejudices of the GSMA, an association that says it “represents the interests of mobile network operators worldwide”. To be precise, they represent some interests but not others. They get away with this by simply ignoring subjects that do not suit them. This is not so different from a prejudiced white man choosing not to listen when a woman speaks, or changing the TV channel whenever a show features black actors. For many years I have suspected the GSMA has an irrational prejudice against the work done by revenue assurance professionals, but this was impossible to prove because I could only point to the omission of revenue assurance from the GSMA’s publications and activities. However, I think it can now be proven by looking at a specific document where the omission of revenue assurance is jarring to anyone who has not internalized the same prejudices as the GSMA. That document is the GSMA Mobile Money Programme: Mobile Money Policy and Regulatory Handbook, which was published in October of this year.

Before I go any further, I want to be clear that I find the content included in this document to be excellent. My argument relates to the importance of what has been left out. I do not disagree with what has been written by the author, Rishi Raithatha, who was the Senior Advocacy Manager at the GSMA until recently. Nor do I feel the document exhibits any explicit racial or gender bias; the cover features a black woman, as perhaps representative of the most dramatic societal benefits delivered by mobile money. But I do believe the author has been influenced by a working environment that wants to talk about some risks whilst never acknowledging related risks of similar importance. Consider the content from the perspective of an objective and impartial risk manager, concerned that his or her business should perform its duties well and serve its customers appropriately. Some of the sections of this document are as follows:

  • Know your customer
  • Anti-money laundering
  • Privacy and data protection
  • Cybersecurity
  • Fraud

Revenue assurance is omitted from this document. All of the above-mentioned topics are important. Mobile money providers and regulators need to address them. But why should we care more about customers losing money because of an external fraudster or a denial of service attack than because the money was lost as a result of a screw-up with the company’s internal processes? How foolish would we be if we assumed there is a neat dividing line between internal fraud and innocent mistakes that have the same effect? And whilst customers will rightly be concerned about leaks involving their data, they will be even more concerned about leaks involving their money!

I believe there is one clear difference between revenue assurance and the topics that were included in the GSMA’s mobile money guide. Businesses do not want to talk about assurance because they do not want to admit how often they make basic mistakes. Not wanting to talk about assurance does not mean they should neglect the need to talk about assurance. This document is written for regulators too. Sometimes mobile money is addressed by banking regulators, sometimes by communications regulators and sometimes by both, but no banking or comms regulator should assume transactions are always processed according to the customer’s instructions, or that customers are never charged for services they did not receive. This guide cannot be considered complete whilst omitting any mention of policies to tackle such fundamental risks.

The failing does not belong with the author, who has since left the GSMA. Even the best author relies heavily on synthesizing information received from other sources. If nobody in the GSMA ever talks about revenue assurance then nobody in the GSMA is ever going to write about it either. The GSMA does not expose themselves to revenue assurance, so they do not talk about it, so they do not write about it. This is galling because there are very many revenue assurance managers who interact with the GSMA, through the GSMA’s Fraud and Security Group. It just happens to be the case that these revenue assurance managers are also fraud managers. The GSMA is effectively conditioning them to ignore revenue assurance and billing accuracy risks, and to concentrate their efforts elsewhere. The results of the new RAG RAFMCS Survey show that about half of all comms providers have a joint revenue assurance and fraud management function, whilst considerably fewer have common management for fraud and cybersecurity. However, the GSMA expects fraud managers in mobile operators to take an active interest in cybersecurity, and none in revenue assurance. This also reflects the GSMA’s prejudices about what should matter to risk professionals.

Revenue assurance is not new. 20 years ago it was difficult to find telcos that had an RA function; now they all have them. The GSMA made a terrible error about a decade ago when it was proposed that their fraud forum might also discuss revenue assurance from time to time. They consciously decided to exclude revenue assurance. The story reported to me by a trusted source was that the usual corporate envy and enmity came into play on that occasion. If half of all telcos have joint RAFM departments, then the other half of telcos may sometimes possess fraud managers with their own selfish reasons for wanting to keep these related functions separate. A fraud manager who participates in GSMA events can enjoy some one-upmanship over a rival RA manager excluded from them. But this would be a petty and stupid reason not to address the risks covered by RA teams. I believe this is the reason why the GSMA remains ignorant of the importance of revenue assurance and so exhibits prejudice in the advice given to external parties too, including national regulators of services that have gained popularity since that terrible decision about revenue assurance.

The GSMA’s prejudices do not reflect the realities of how regulators and governments think either. London-based professionals working for the GSMA will rarely hear of white Western governments talking about revenue assurance. That is why it is striking to hear African governments and African regulators casually and habitually referring to the importance of revenue assurance. Those same African countries and regulators have often been at the forefront of the mobile money revolution. The GSMA would benefit from occasionally pausing for breath and listening to the words actually used by the people they seek to influence. If the regulators of the biggest mobile money markets all treat revenue assurance as a priority, then how can the GSMA pretend to give them credible advice whilst never once acknowledging the need for revenue assurance?

I have seen many people progress their careers by leaving a revenue assurance job in a telco for the equivalent job in a payments processing business. Electronic payments is a growth industry and hence a source of new opportunities for ambitious assurance professionals with experience gained from telcos. If the payments industry needs revenue assurance, then why would the mobile money industry not need it too? Even more obviously, the business of mobile money is conducted by businesses that are also mobile operators. The GSMA is keen to address a valuable source of additional revenues for companies that are already GSMA members. What kind of twisted risk analysis would ever conclude that a mobile operator has such unreliable systems, processes and staff that it must employ a specialized second-line function like revenue assurance for its communications services, but the same company need do nothing to check for errors with its mobile money transactions? It would be absurd to argue that these companies must do more to address fraud, AML and data protection without doing anything to ensure the underlying integrity of transaction processing. That is why the GSMA’s prejudice is so pernicious. They are not explicitly arguing that revenue assurance is unimportant. They more effectively undermine revenue assurance by simply ignoring it.

If I could write just one page of advice to be added to this guide, then I would remind comms and banking regulators that they all have rules to protect customers from being overcharged. The GSMA guide has a section on consumer protection, but it is scanty. The author assumes the integrity of transaction processing instead of discussing the work that should be done to ensure it. The countries where mobile money is popular are also likely to be countries where the comms regulator uses independent test services to verify the accuracy of charges for comms services. Some of these regulators employ specialist auditors and monitoring services to check the reporting of revenues for communications and mobile money services. Is the GSMA simply unaware of this form of risk management, or the reasons why these regulators are spending large amounts of money on verifying revenues?

In countries that use less sophisticated techniques to verify billing accuracy, such as the UK, it is not hard to find examples of GSMA members who have been fined by the regulator for incorrectly charging customers. Would we feel confident that these Western mobile operators would adopt an infallible approach to mobile money, if they chose to offer this service to customers in Western countries? Many of these Western operators belong to international groups that provide mobile money services in developing economies. Banking regulators tend to use different methods, but are just as interested in guaranteeing that a bank statement is an accurate reflection of the transactions that occurred. Mistakes do happen, even with the most basic banking services. I once moved money between two accounts in my own name, only to have to chase both banks after the money left one account but did not arrive in the other!

We should be especially conscious of risks associated with services that are new or growing rapidly. That is why the GSMA is right to issue advice relating to mobile money policies. However, an insular approach to performing research leaves them oblivious to their own blind spots. The risk universe for mobile money providers and their regulators is more extensive than the risks the GSMA is willing to discuss. Instead of learning the lesson of revenue assurance, which is that mistakes do happen, especially when using novel automation to process billions of transactions, the GSMA appears oblivious to a salient aspect of the recent history of comms providers. That is why I say the GSMA’s advice is bad because it is prejudiced against the vital work of revenue assurance professionals.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.