Shining the light on mis-selling in Indian banking
By Bindu Ananth & Malavika Raghavan, IFMR Finance Foundation
We should care deeply that millions of Indians are still turning to expensive informal financial services in the face of seasonal and volatile incomes, despite years of trying to improve access to basic financial services. Any innovation with a promise to provide disruptive solutions deserves careful attention and a concerted effort to ensure success. It is in this spirit that we approach the Aadhaar debate.
Test and learn—but then evolve
For years, our country’s financial inclusion strategy tried to expand access by opening more bank branches. One reason this has not scaled is because providers face high operating costs for “low-value” services, driven in part by physical “know your customer” (KYC) procedures and paper-based verification of transactions. Previous work by our colleagues Anand Sahasranaman and Deepti George showed that the cost of delivering a rural loan of Rs10,000 through a branch could be Rs4,153 (41.53%) for a public sector bank and Rs3,207 (32.07%) for a private sector bank.
Aadhaar and IndiaStack have held out the promise of overcoming these costs using technology—through e-KYC for users, remote verification of transactions and lowering transaction costs of payments. Taken with other inclusion efforts, we are within striking distance of every Indian having access to a bank account and being able to easily send and receive payments. Not a panacea by any means but a definite milestone for inclusive development.
However, we have also arrived at an inflexion point for the unique identifier (UID) system. If the first part of the task for this system was about technology implementation, now it faces an important next step—creating trust and confidence in that technology and the institutions that administer and oversee Aadhaar. We must have the openness and the humility to leverage the potential of Aadhaar to deliver access to basic services while continuing to work on gaps and weaknesses, some of which we will only learn as we go.
Improving protections for users
We have some specific suggestions that need immediate attention with respect to financial service providers, the Unique Identification Authority of India (Uidai) and users, when considering Aadhaar and its use in digital financial services.
We must make providers liable to put customers back “in the money” for failed/unauthorized transactions: it is important that the users of Aadhaar-linked accounts and Aadhaar-enabled payment processes do not bear the costs of failures in this system as the volume of digital payments increases. The Reserve Bank of India (RBI) has taken the right steps by releasing a draft circular on limiting liability of customers in unauthorized electronic banking transactions. We need to move this into live regulation and extend it appropriately for non-bank providers and third parties.
Over 1.15 billion Aadhaar numbers are now in existence. Such a massive public database containing citizen information needs clear audit and accountability procedures.
We should support an independent observatory to monitor Aadhaar-based transactions: more hard data about the successes and failures of Aadhaar-based transactions will help drive an informed discussion about the system’s efficacy. An independent body monitoring Aadhaar transaction failures and user experiences, and publishing this data periodically, could be a strong accountability mechanism and improve Aadhaar.
We need a “living will” for Uidai: in large-scale projects of this nature, it is helpful to think about worst-case scenarios. In the banking world, “living wills” have been an interesting policy tool to force systemically important institutions to lay down their game plan in the event of bank failure. Similarly, no matter how improbable it might seem today, it would be useful for Uidai to lay out a plan to deal with a severe security breach.
We also need to reform the Aadhaar redress mechanism: currently, we have an opaque redress and complaints system at Uidai, especially a concern since the Aadhaar Act empowers only Uidai or its officers to initiate proceedings for disclosure or misuse of users’ information. Renuka Sane and Vrinda Bhandari’s writing addresses these lacunae clearly. We need a new framework and investment to set out accountability, reporting and performance expectations of Uidai on the Aadhaar grievance process.
We need market conduct oversight for data use by firms across the financial sector: in addition to stronger data protection laws, we need active oversight for firms using personal data. This applies more widely to the financial sector, but we highlight it in this discussion since Aadhaar-seeding of bank accounts is rising, requiring enhanced monitoring to prevent risks, and as more financial firms use IndiaStack as authorized user agencies. We must actively supervise how these firms and government use the Aadhaar system in conjunction with other customer data they hold.
We need to protect the privacy of all residents of India across all platforms, including Aadhaar: the idea that poorer people are less entitled to privacy should be dispelled. Compromising financial privacy could set back wider financial inclusion efforts, if improper disclosure of data leads to denial of credit or reputational harm. This issue goes well beyond Aadhaar, but the ubiquitous use of the Aadhaar number, including for finance, makes this more pressing.
To conclude, a project such as Aadhaar with implications for transforming service delivery must be strengthened in specific ways discussed here so that confidence and trust in the system grows.
—
This article first appeared in Livemint.