Mobile Money Loans: Are RA Teams Ready?

A recent report issued in Uganda shows that mobile money is fast eating the banks’ lending portfolios. This is happening despite the increasing partnerships that banks and mobile operators have set up. With an increase in mobile money agents, 28mn subscribers in Uganda find it easier (of course) to use mobile money services including digital lending offers.

Bank of Uganda data indicates that mobile money agents stood at 395,000 in May 2020 up from 200,000 in January 2019

That is an impressive trajectory and we can posit that in the same period, it is doubtful that banks doubled their branches. In any case, try as they might, banks, heavily regulated as they are, have much more red tape when it comes to lending. So it stands to reason that even in terms of lending, digital lending offered by mobile operators will take the upper hand. In Uganda, as is the case in a number of other countries, the lending product is offered by the mobile operator in conjunction with a bank.

MTN provides micro-loans in partnership with NCBA Bank while Airtel’s Wewole service is powered by Jumo, a Fintech.

Customers are opting for the micro-loans and shunning the traditional bank loans. This is bad news for banks (declining fees), good news for mobile operators (fast-growing new revenue line) but more work for the revenue assurance professionals working inside the operators who offer these services. They have to deal with complex products being run on systems whose core was not designed with those products in mind.

Traditionally in Africa, the prepaid segment has accounted for over 90 percent of the user base. In some operators 99.5 percent of customers are prepaid. Onboarding processes for prepaid subscribers have been easy and even though KYC regulations have somewhat complicated things, problems such as subscription fraud and bad debt have not kept us awake. The opening phase of mobile money was all about cash-in, cash-out, transfers and utility payments. These were, in comparison to micro-loans, low-risk services as long as the in-built system controls functioned and RA teams ran suitable controls.

Lending is going to call for a proper assurance framework, in an industry that has not previously sought to compete with real banking products. The demand for the service is there but the capabilities, systems and processes for assuring it are not necessarily in place.

Take the example of credit vetting and the infrastructure it requires. Credit reference bureaus in much of Africa are woefully equipped. Where they exist, the operators have not fully integrated with them. Now we have customers applying for loans on the fly – they may represent the bad debt problem of tomorrow. Summit Consulting team leader Mustapha Mugisha issued a warning when he talked about customers running from banks to mobile lending:

We saw a relationship between mobile money whereby a person is able to get a quick loan via mobile… they know banks will not be able to give a top-up yet mobile money can. People with existing loans are embracing the micro loans for quick fixes at the expense of paying their bank loans.

It is thus very likely that the same guy we are rushing to embrace as a micro-borrower is a delinquent running away from the bank. Will this leopard change his spots once we approve his loan?

Here are eight recommendations for RA practitioners who want to prepare their business for the risks of mobile money loans.

1. Understand the product. You cannot assure what you do not understand. The easiest way is to make sure RA is part of the product launch process. Controls flow better if they are conceptualised early in the process.

2. Track the correct business metrics. This will help you understand how fast the problem is coming at you. A lending product may lie dormant for some time and then suddenly spike. The spike may be good news or may be bad news. Either way, you do not want to wait a week before you discover the news.

3. Map the RA controls. Be clear on what you can do and what you cannot do. Let management know the challenges and the limitations of scope. For example, you may have a field in the database that lets you know KYC documentation is submitted and approved by the back office team. Your controls may use that field but in actual fact, you may not have a way to gain 100 percent assurance of all KYC documents, confirming that a copy of the customer’s ID was submitted, it has been stored properly, it has been verified to be authentic and so on.

4. Automate as much as possible. Take advantage of newer approaches such as machine learning when implementing early warning controls. If a new SIM is issued to a customer, their e-KYC is submitted without problems, the customer hardly uses any GSM services, and then the customer applied for the maximum permitted loan on the exact day they become eligible… what are the chances?

5. Recognize that GSM technologies made us lazy. We relied so much on MSISDN. Mobile money requires thinking of MSISDN, wallets and accounts at the same time as we track the movement of funds.

6. Equip the first line instead of babysitting the first line. There is no need for RA to do every aspect of assurance. There are other teams in charge of product definition, setting business rules, reporting and reconciliations. Let them take ownership of operational controls. When I started out in RA, I was doing product risk assessments. Each risk in the process had an owner and the owner could not turn around and look at RA when the proverbial crap hit the fan. Ownership is key.

7. Speak to banks and other partners who are responsible for making the product a reality. In my last position at Vodacom Tanzania, we used to have a monthly RAG-style meeting with other operators. Midstream, we brought on board the banks and there was an improvement in the quality of conversations around bad debt and SIM swap frauds. Give it a try!

8. Build partnerships with other assurance teams in the company. I always found it useful to have allies in the Anti Money Laundering team, as well as the Cybersecurity, Legal, Regulatory, Privacy and Compliance teams. When assuring a risky, heavily-automated, and highly-regulated product, you cannot have too many people on your side.

Joseph Nderitu
Joseph Nderitu
Joseph Nderitu is a director at Integrated Risk Services Ltd and specializes in revenue assurance. He previously worked as Head of Revenue Assurance and Fraud Management at Vodacom's operation in Tanzania, having previously served in the same role at Vodacom Mozambique.

Before his work with Vodacom, Joseph was an internal audit manager for Airtel, with responsibility that covered their 17 countries in Africa. Whilst at Airtel, Joseph led reviews of the Revenue Assurance, Customer Service and Sales & Marketing functions.

Prior to his stint at Airtel, Joseph was an RA manager at Safaricom in Kenya. He holds an MSc Degree in Information Systems.