Dimension 4 - Client Protection

Client protection is the minimum standard for all responsible financial service providers. The standards in this dimension ensure that the financial institution has the practices and systems in place to prevent harm to their clients, while those clients access and utilize their financial and non-financial services. Institutions that seek to create benefits in their clients’ lives must first ensure that they do no harm, and it’s their responsibility to prevent causing any harm to their clients.

Important note: the Client Protection (CP) Standards that are used for CP assessments and Certifications are not limited to this Dimension and are composed of Essential Practices and Indicators across other dimensions of the Universal Standards as well. Please refer to the Client Protection Standards Manual to see a full list.

Dimension 4 includes five standards:

Standard 4A: The provider does not overindebt clients.
Standard 4B: The provider gives clients clear and timely information to support client decision making.
Standard 4C: The provider enforces fair and respectful treatment of clients.
Standard 4D: The provider secures client data and informs clients about their data rights.
Standard 4E: The provider receives and resolves client complaints.

Standard 4A. The provider does not overindebt clients.

Providers are responsible to take adequate care in all phases of their credit process to determine each client’s repayment capacity and provide credit within this capacity, such that clients can repay without risk of becoming over-indebted. In addition, providers implement and monitor internal systems that support prevention of over-indebtedness and foster efforts to improve market-level credit risk management (such as credit information sharing/reporting).

This standard has 2 essential practices:

Essential practice 4.A.1: The provider makes loan decisions based on a client's repayment capacity.
Essential practice 4.A.2: The provider monitors the market and responds to heightened over-indebtedness risk.

4.A.1 The provider makes loan decisions based on a client's repayment capacity.

Providers should have policies, especially for field staff, that define each step in the loan analysis and credit approval process and help prevent client over-indebtedness. Loan collateral/guarantees (cash deposits, assets, joint liability, co-signers, or salaries) should not substitute for good repayment capacity analysis. Make sure that field staff not only know the procedures but understand why over-indebtedness is dangerous for clients and the institution as well as bad for their own portfolios. For more information about the causes of over-indebtedness and the consequences for clients, you can read the field example below on Musoma and/or these market level studies:

Resources for essential practice 4.A.1

Implementation for essential practice 4.A.1

Loan approval

Define the maximum percentage of a borrower’s disposable income that can be applied to debt service, including debt from your institution. Establish a maximum debt threshold (no more than 70% - where the percentage is calculated as a portion of the client’s monthly disposable income, e.g., installment/household surplus. The remaining amount (minimum 30%) is there to allow a safety net for the client in case of emergency expenses, or to account for approximation or errors in the cash-flow analysis, or for a potential unexpected drop of income. Use conservative criteria when the information collected from the client is less reliable than usual, the client is new to the provider, market saturation is high, the provider is experiencing system-wide delinquency, and in other situations where the client may be more vulnerable to over-indebtedness. Loan officers should not recommend a loan amount that exceeds the maximum debt threshold for the client. The amount recommended for the client should be based on the cash flow of the client’s household and business income, which was constructed during the repayment capacity analysis.
The benchmark used for the household surplus ratio generally increases for renewal loans, depending on the number of loans the client has with the provider, their other outstanding debts, and the client’s repayment history. For example, you may determine the threshold such that for the first loan this ratio must not exceed 50 percent, for the second loan 60 percent, and for all subsequent loans, 70 percent of the client’s monthly disposable income.

Cash flow analysis

The cash flow analysis should take into account business and household income/expenses and liabilities from all sources, including informal ones such as a loan from a neighbor. Include all household members in the debt assessment (e.g., a spouse’s loans outstanding), and count indirect debt as well (e.g., guarantees made for another person’s loan).
In the credit policy, the provider should list the specific sources of income that can count toward the client’s total household income. For example, remittances may be a volatile income source in some cases (e.g., a relative living abroad has an informal job and sends variable amounts on an occasional basis)—in which case they should not count as income—or they might be relatively stable (e.g., a husband has steady employment and sends regular payments)—in which case it is likely safe to count the remittances as income. Provide your loan officers with explicit guidance on different income sources and scenarios and guidance on how to account for them in the repayment capacity analysis.

Pre-payment

Enforce prudent limits for renewal in the case of early repayment. Require a “cooling off period”—a short break of one month—between loans, to inhibit clients from using borrowed money in order pay loans early and also take on a larger loan. Such behavior increases the risk of over-indebtedness and gives the impression that the client’s credit history is good, when in fact s/he is borrowing to pay off loans rather than paying off the loans with the income generated from a productive activity

4.A.1.1 The provider has a policy and documented process for loan approvals.

4.A.1.1.1 The percentage of a borrower's disposable income that can be applied to debt service may not be higher than 70%, including debt from the provider and other lenders.

4.A.1.1.2 Loan approval decisions are made by at least two people, one of whom does not interact directly with the client.

4.A.1.1.3 If a credit bureau exists, the provider reports client data to credit bureaus and uses credit reports in the approval process for loans.

4.A.1.1.4 If the provider offers group loans, either the provider or fellow group members conduct due diligence for each group member.

The details listed here indicate the minimum elements that constitute an appropriate loan approval policy. This policy will likely be in the Credit Manual. The documented process will likely be the forms that loan officers fill out to conduct the research and analysis necessary for the client underwriting process. Any updates or reinforcements of the main policy document may be released as circulars, or memos, and should be reflected in training materials. These documents need to be updated regularly as key reference materials within the provider.

For 4.A.1.1.1

The percentage of disposable income that can be applied to debt service is usually calculated as: [installment amount] / [net monthly cash surplus] – the remaining amount (thus 30% minimum) is there to allow a safety net for the client in case of emergency expenses, or potential unexpected drop of income / seasonal income, but also to account for approximation or errors in the cash-flow analysis.

For 4.A.1.1.2

Loan decisions can’t be made by the loan officer alone. Since the loan officer collects the data and has the closet relationship with the client, there should be at least one other person (a senior loan officer, the head of credit, or the branch manager) involved in validating the client data collected by the loan officer and verifying that the capacity analysis calculations adhere to policy.

For 4.A.1.1.3

If there is a functioning credit bureau in the country, it is absolutely critical for the provider to consult the database for every single loan, and to report on every single client.

For 4.A.1.1.4

Relying on group solidarity to disburse a group loan is not sufficient; the same care should be taken for group loans as individual loans of the same size to ensure that all group members have the capacity to repay their loan. However, the depth of the capacity analysis correlates positively with the loan amount e.g. financial projections are required for a certain loan amount whereas smaller loans can be appraised with a less detailed process, based on historical cash flow data (at least the last 12 months).

Scoring guidance

For each detail, a ‘yes’ score requires (1) a written loan policy with a documented loan approval process compatible with 4.A.1.1, (2) full comprehension of the credit approval policy by the relevant staff, and (3auditor verified compliance with the credit approval policy for a sample of loans approved for current clients.

Detail 4.A.1.1.1

Score ’yes’, if the above three conditions are met fully with a written loan policy that comprises 1) an explicit ceiling (in percentage) of the client’s monthly disposable income that can be used for debt service (the installment amount) which 2) is based on the client’s household and business cash flow.
Score ‘partially’, if the above three conditions are not met fully. For instance, the written loan policy does not mention a ceiling for the client’s monthly disposable income that can be used for debt service or limited staff comprehension of the loan policy or the sample loan approvals reviewed do not comply fully with the loan policy.
Score ‘no’, if 1) one of the above three conditions are not met at all– or 2) all three conditions are met only partially.

Detail 4.A.1.1.2

Score ’yes’, if the above three conditions are met fully with a written loan policy that comprises at least a ‘four-eye’ loan approval process 2) in the case of an automated loan approval process, an effective control mechanism of the entered data and the data used for the loan approval is in place.
Score ‘partially’, if the above three conditions are not met fully. For instance, the written loan policy does not mention an at least ‘four-eye’ loan approval or no effective data control mechanism in the case of an automated loan approval process or the sample loan approvals does not comply fully with the loan policy.
Score ‘no’, if 1) one of the above three conditions is not met at all or 2)all three conditions are met only partially.

Detail 4.A.1.1.3

Score ‘N/A’, if there is no functioning credit bureau.
Score ’yes’, if, in the case of a functioning credit bureau, the above three conditions are met fully with a written loan policy that requires (1) the consistent use of credit bureau data for each loan approval and (2) the regular reporting on its borrowers’ loans and payments to the credit bureau.
Score ‘partially’, if the above three conditions are not met fully. For instance, the loan policy does not mention the use of credit bureau data for each loan approval, or the credit staff does not fully understand the importance of using consistently credit bureau data or the sample loan approvals does not comply fully with the loan policy.
Score also ‘partially’ in a case of a not-well functioning credit bureau - even if the three above conditions are fully met, as it will not be useful to prevent the risk of over-indebtedness (e.g.: if the credit bureau database is updated only once in a while and does not reflect the exact current outstanding loans a client may have).
Score ‘no’, if the provider does not use credit bureau data for loan approval and/or does not report to it in the case of a functioning credit bureau. If there are several entities providing credit reports, the auditor should assess whether the one(s) the provider is using cover(s) the adequate market and risks.

Detail 4.A.1.1.4

Score ‘N/A’, if the provider does not offer group loans.
Score ’yes’, if the above three conditions are met fully with a written loan policy that requires a loan due diligence for each group borrower for loan approval to be carried out by either the provider or a fellow group borrower. Such individual repayment capacity analysis can be less formal and detailed than for individual borrowers.
Score ‘partially’, if the above three conditions are not met fully. For instance, the loan policy does not mention the use of a loan due diligence for each borrower or the credit staff or the fellow group borrowers do not fully understand how to analyze the loan repayment capacity of a single group borrower or the sample loan approvals do not comply fully with the loan policy.
Score ‘no’, if neither the provider nor a fellow group borrower is analyzing the loan repayment capacity of each group borrower for loan approval.

Sources of information

Loan Policy & Procedures manual(s), loan approval process
Loan process documents, client repayment capacity evaluation forms
Training materials, circulars, handouts etc.
Interviews with credit staff at various levels of the organization such as loan officer, branch manager, regional manager, Head of Credit/Operations etc. (verifying whether the credit policy is understood and that they are staff incentives to follow it)
Branch/field observations - attending client loan evaluation visits and Credit Committees to see the content of discussions
Credit bureau process and its data accurateness.

Evidence to provide

Specify the percentage of client’s disposable monthly income that can be used for debt service and cite the document name and page/chapter number where this information can be found.
Describe the loan approval process, how credit bureau information is included there and how relevant it is to the analysis and explain the Credit Committee composition and process.
Explain how the staff understand and apply the policies and procedures for loan approval.

Resources for indicator 4.A.1.1

4.A.1.2 The provider conducts a cash flow analysis to evaluate repayment capacity.

4.A.1.2.1 The provider conducts a cash flow analysis that considers income, expenses and debt service related to business and family, and any other sources of revenue, including informal sources.

4.A.1.2.2 The provider does not use guarantees, guarantor income, collateral, and/or insurance coverage as proxies for repayment capacity or as the main basis for loan approval.

Credit staff should assess client repayment capacity for every loan cycle, using a cash flow analysis and review of current indebtedness (formal and informal). To effectively carry out a cash flow analysis for every client, the field staff must understand what data to collect, how to verify it and cross-check it, to reach a realistic picture of the client’s disposable income.

The cash flow analysis is based on all the listed elements, consolidating both household and business cash flows, including any outstanding debt. It should apply conservative criteria in projecting income, not underestimate or omit expenses, and should account for seasonality of cash flows.

The Credit Committee uses this analysis to approve the loan and to determine the appropriate loan size for that client. If the cash flow analysis is poor or unverified, the Credit Committee does not rely on guarantees to approve the loan and requests an improved loan analysis.

If due diligence is conducted by group members, groups are trained annually on how to conduct due diligence and the relevant loan criteria they should consider. For loans with a group guarantee, due diligence may be conducted by the provider or group members. For group loans without group guarantees, the provider carries out a repayment capacity analysis for each borrower.

Scoring guidance

For each detail, a ‘yes’ score requires (1) a written loan policy on how to conduct cash-flow analyses to appraise loan repayment capacity compatible with 4.A.1.2, (2) full comprehension of the loan policy by the staff concerned, and (3) auditor verified compliance of the sample loan approvals with the loan policy.

Detail 4.A.1.2.1

Score ’yes’, if the above three conditions are met fully with a written loan policy that requires (1) a cash-flow analysis to consider income, expenses and (formal and informal) debt service related to business and family/household and (2) a new cash-flow analysis at each loan cycle.
Score ‘partially’, if the above three conditions are not met fully. For instance, the written loan policy does not spell out consistently how to conduct a cash-flow analysis or it does not require a cash-flow analysis for each loan cycle or there is limited staff comprehension of the loan policy, or the sample loan approvals do not comply fully with the loan policy.
Score ‘no’, if 1) one of the above three conditions is not met at all or 2) all three conditions are met only partially.

Detail 4.A.1.2.2

Score ‘N/A’, if the provider does not take any type of loan collateral.
Score ’yes’, if the above three conditions are met fully with a written loan policy that stipulates that loan collateral and/or insurance coverage cannot replace the cash-flow based repayment capacity analysis as the main basis for loan approval.
Score ‘partially’, if the above three conditions are not met fully. For instance, the written loan policy does not mention a ceiling for the client’s monthly disposable income that can be used for debt service or limited staff comprehension of the loan policy, or the sample loan approvals do not comply fully with the loan policy.
Score ‘no’, if 1) one of the above three conditions are not met at all or 2) all three conditions are met only partially.

Sources of information

Loan Policy & Procedures manual(s) and any additional materials that describe how to conduct a cash flow analysis and/or evaluate repayment capacity, and how guarantors and collateral are used.
Interview with loan officers to verify their understanding of the repayment capacity analysis and the source of information.
Review a sample of loan files to verify the cash-flow analysis and the weight given to collateral and guarantees.
Branch/field observation:
- attending repayment capacity evaluation visits at the client in 2-3 branches,
- attend Credit Committees in 2-3 branches to understand how guarantees weigh in loan decision-making.

Evidence to provide

Verify a random sample of the calculations of loan repayment capacity analysis in a few loan folders during the branch visits to ensure that the capacity analysis is complete, and the loan amount recommended is reasonable e.g., within the limits established in the policy.
Ask loan officers to explain the calculations, to ensure they understand the data they need to gather and analyze.
Describe what matters in terms of capacity to repay in the Credit Committee decision-making process

4.A.1.3 The provider's policy on loan prepayment specifies the conditions under which it is acceptable for clients to pay a loan early in order to take a new loan.

4.A.1.3.1 When the client applies for prepayment to get another loan, the provider specifies a time period and/or percentage of the active loan's principle that must be repaid before being eligible for a new loan.

4.A.1.3.2 When the client is taking another loan immediately after prepayment, the provider conducts a new cash flow analysis.

Prepayment refers to the payment of the full outstanding amount of a loan before the end of the loan term, such as a client who has a 12-month loan term but wants to repay it in full by the 8th month. The provider should accept this, if the client can repay her/his debt without refinancing it with a new loan.

The prepayment of a loan and the simultaneous taking of another loan can be a sign of debt stress from the client and can lead to over-indebtedness; it can happen that allowing clients to take ever increasing loans, which are used to pay off existing loans, leads to a vicious circle of debt that can cause dire consequences for the client and his/her household when the stream of credit is interrupted. This is a risk, but it doesn’t mean that prepayment to take a new loan is necessarily a bad practice. Thus, the provider should ensure through adequate policy and conditions that loan renewals are carefully disbursed, with adequate safeguards, and that those loans are tracked in the MIS as new loans and monitored.

To prevent client debt stress, the provider should create a policy that encourages responsible behavior by the client that may seek a top-up loan i.e., prepaying the existing loan and immediately taking a larger loan. This policy should also be consistent with the standards on responsible pricing and fees. For example, if the client repays the loan early, they should not be obligated to repay all the interest they would have paid if they had held the loan for the full period of the loan term. At the same time the provider should not make it too easy for the clients to obtain top-up loans as it is not a financially healthy behavior for clients to engage in, though it is common in many markets. Some providers require a waiting period of a month or some shorter period of time between the prepayment of one loan and the disbursement of a subsequent loan, in order to help reduce the use of new loans to pay off existing loans.

Scoring guidance

Score ‘N/A’, if the provider’s policy does not allow loan prepayments.

For each detail, a ‘yes’ score requires (1) a written loan policy to specify the conditions under which clients can repay early to take a new loan compatible with 4.A.1.3, (2) full comprehension of the loan policy by the staff concerned, and (3) auditor verified compliance of the sample loan approvals with the loan policy.

Detail 4.A.1.3.1

Score ’yes’, if the above three conditions are met fully with a written loan policy that stipulates (1) a time (cooling off) period and/or a percentage of the active loan’s principal to be repaid before being eligible for a new loan and (2) required procedures to implement this carefully without facilitating client over-indebtedness.
Score ‘partially’, if the above three conditions are not met fully. For instance, the written loan policy neither mentions a cooling off period nor a percentage of the active loan’s principal to be repaid prior to prepayment or limited staff comprehension of the loan policy or the sample loan approvals do not comply fully with the loan policy.
Score ‘no’, if 1) one of the above three conditions is not met at all or 2) - all three conditions are met only partially.

Detail 4.A.1.3.2

Score ’yes’, if the above three conditions are met fully with a written loan policy that requests a new cash-flow analysis if a new loan is taken immediately after prepayment.
Score ‘partially’, if the above three conditions are not met fully. For instance, the written loan policy does not require a new cash-flow analysis for all new loans taken immediately after prepayment or limited staff comprehension of the loan policy or the sample loan approvals do not comply fully with the loan policy.
Score ‘no’, if 1) one of the above three conditions is not met at all or 2) all three conditions are met only partially.

Sources of information

Loan Policy & procedures manual(s)
Interviews with branch manager and credit officers.
Prepayment policy and/or credit renewal policy / refinancing policy.
Review of a random sample of loan files for clients who have prepaid and immediately renewed / refinanced their loans.

Evidence to provide

Describe the conditions that the provider has defined for renewal following prepayment, and/or for refinancing, and provide the policy name and chapter.
Describe any safeguards the provider has put in place to help prevent client over-indebtedness during this transaction, for example the provider may specify the maximum increase in loan size for a top-up loan by percent of the original loan amount.
Describe the process that the provider uses in the event that the client requests prepayment on his/her existing loan in order to take out a new loan, including whether a new cash-flow analysis is conducted, when, and by whom.
Evidence collected from interviews with credit staff and sample loan files.

Resources for indicator 4.A.1.3

Refinancing Policy (FUBODE, Bolivia)

4.A.1.4 If the loan approval analysis is done through an algorithm, the provider reviews how well the algorithm functions. Minimum frequency: annually

4.A.1.4.1 The provider reviews the effectiveness of the algorithm for predicting client repayment.

4.A.1.4.2 The provider checks its algorithms for bias against Protected Categories and corrects it as needed.

Using algorithms to facilitate repayment capacity analysis for loan approval increases dramatically the risk of client over-indebtedness. This is mainly due to the fact that most algorithms are designed to evaluate the probability that the client will repay, not the actual capacity of the client to repay. Any responsible provider using an algorithm in place of a cash flow analysis and loan officer-based repayment capacity analysis must ensure that the designers of the algorithm understand the provider’s mission and target clients prior to designing the algorithm. The provider should test the algorithm on a sample of existing loan files to understand if the results of the algorithm are consistent with their previous repayment capacity analysis and how the two approaches differ and whether or not those differences are consistent with its mission and social goals.

The details provide further guidance:

After a period of no more than 12 months, the provider conducts a review of the effectiveness of the algorithm at accurately predicting which clients will be willing/able to repay their loans. It is important to conduct this review either in a pilot-test or promptly upon deploying a new algorithm or new criteria to reduce the risk of clients suffering from significant debt stress. If the provider is switching from a cash flow-based repayment capacity analysis to an algorithm, it should also make sure to define specific monitoring indicators and red-flags to have early warnings of potential debt stress among its clients.
Since the algorithms used in credit decision-making usually use data mining and analysis of big data sets to develop predictions for each client, there is a higher risk of unintentional bias in this process. The algorithms use criteria such as number of contacts in the candidate’s phone, or number of social media accounts and interactions as predictors of likelihood of repayment. For example, if a gender divide exists in a certain country in terms of smart phone ownership and smart phone ownership is one of the criteria used in the algorithm, the algorithm may contribute to widening the gender gap in terms of access to credit.
The International Labor Organization (ILO) defines Protected Categories as those characteristics of a person that cannot be used to discriminate against them for employment purposes, which include ethnicity, gender, age, disability, political affiliation, sexual orientation, caste, and religion.
The provider should consider how the algorithm’s recommendations for credit approval and amount vary based on the gender and ethnicity of the candidates to see whether the biases of the algorithm’s designers or the selection of certain data inputs creates a risk of discrimination. If this type of bias is identified, the provider must work with the designers of the algorithm to reduce the amount and effects of bias in the algorithm over time.

Scoring guidance

Score ‘N/A’, if the provider does not use an algorithm for the loan approval analysis.

Detail 4.A.1.4.1

Score ’yes’, if the provider has conducted a review of how the algorithm works both (1) prior to launching and (2) regularly during its period of usage, and at least once in the last 12 months.
Score ‘partially’, if the provider meets one of the two above requirements only.
Score ‘no’, if the provider fails to meet both above requirements.

Detail 4.A.1.4.2

Score ’yes’, if the provider (1) evaluates its loan decision-making algorithm for bias against vulnerable clients, such as indigenous, rural or female etc., (2) adjusts the algorithm with the designer, if any biases were detected, and (3) reviews the algorithm for bias whenever the algorithm is redesigned/modified in a significant way.
Score ‘partially’, if the provider meets only one or two of the above three requirements.
Score ‘no’, if the provider fails to meet any of the above three requirements.

Sources of information

Interview with the Head of Credit.
Interview with the Head of IT and other personnel who were responsible for the design and roll out of the algorithm.
If the provider hired an external firm to design the algorithm, the TOR - and execution reports - for that work could be useful to review to know what parameters the firm was given for the design of the algorithm and whether any social considerations were taken into account e.g., avoiding bias in the algorithm due to type of data used etc.
Any reports on the review of the algorithm’s effectiveness.

Evidence to provide

Describe how the algorithm was developed, tested, and reviewed.
Provide the date of the last review, how often it is carried out, a description of the type of review that was conducted and by whom, and the outcome of the review.

Resources for indicator 4.A.1.4

4.A.2 The provider monitors the market and responds to heightened over-indebtedness risk.

Over-indebtedness is not an absolute level of debt, but rather is commonly understood as a situation where a client has to make unacceptable sacrifices in order to repay a loan. Management and board should develop a definition of over-indebtedness for the provider’s context (i.e., “what does over-indebtedness mean for our clients, and how do we identify it?”), and they should define indicators and benchmarks that serve as early warnings for over-indebtedness. Examples of such indicators include: PAR by product, branch, and loan officer; number/percentage of clients (1) with multiple loans; (2) repaying loans early; and (3) exiting; early repayment by product; calls on guarantees; and number/percentage of delinquent loans. In particular, the provider should track rescheduled loans, and produce reports at least monthly, as a rising number of rescheduled loans may reflect rising over-indebtedness.

4.A.2.1 Senior management monitors portfolio quality to identify over-indebtedness risk. Minimum frequency: monthly

4.A.2.1.1 The provider analyzes portfolio quality by branch, product, and client segment.

4.A.2.1.2 The provider tracks restructured, rescheduled, or refinanced loans.

Senior management (including branch management) should monitor the portfolio for potential over-indebtedness problems by analyzing, at least monthly, the data and trends for the indicators that support the provider’s definition of over-indebtedness. It should also analyze credit bureau information at the aggregate level (if available) to make informed decisions about products, expansion, and targeting. The board should also receive and review portfolio reports at least quarterly. Portfolio quality refers to non-performing loans, restructured/rescheduled loans, and write-offs. Examples of high-risk factors include: rising number of multiple borrowings, lack of effective credit bureau, high growth, high penetration rates of other providers, high competition, growth models of geographic expansion versus concentration, disaster situations, political conflict, major economic downturns.

When a risk of systemic over-indebtedness arises in the market, the provider should adopt risk mitigating policies, such as slower growth, more conservative loan approval criteria, limits on total number of loans an individual can have at one time from multiple providers, and the corresponding review of the incentives schemes for credit staff (see more about this in Standard 6.A.2).

In addition, the provider should offer restructuring options to its clients, under condition, but as a relief of their debt stress. And in doing that, because this option is offered to clients who experienced difficulties to pay back, it is critical to track them separately, as a rising number of restructured loans may reflect rising over-indebtedness.

Definitions: The term “restructured loans” encompasses both rescheduled and refinanced loans. Rescheduled loans are loans whose term has been modified to permit a new repayment schedule, to either lengthen or postpone the originally-scheduled installments, or to substantially alter the original loan terms. Refinanced loans are loans that are disbursed to enable repayment of prior loans for which the client was unable to pay the scheduled installments. Refinancing comes usually with a higher amount than the outstanding previous loan due, to allow the client to relaunch its business with a fresh start.

Scoring guidance

Detail 4.A.2.1.1

Score ’yes’, if senior management and branch management reviews over-indebtedness risk at least monthly by (1) monitoring portfolio quality with specific indicators broken down by i) branch and credit staff, respectively, ii) product, and iii) client segment, (2) discussing the data and trends at management meetings, and (3) using this information for decision-making.
Score ‘partially’, if the provider meets only partly the three above requirements. For instance, portfolio quality is monitored by branch and product only, but not by client segment or portfolio quality data and trends are discussed only informally with no minutes taken or the provider takes decisions with significant delays.
Score ‘no’, if the provider fails to monitor adequately and/or regularly portfolio quality or does not take needed decisions despites adequate and regular monitoring of portfolio quality.

Detail 4.A.2.1.2 (should be consistent with 4.C.3.2)

Score ’yes’, if (1) the management information system (MIS) produces automatic monthly reports on the status of rescheduled and refinanced loans and (2) senior and branch management make decisions upon analysis of these reports.
Score ‘partially’, if the provider meets only partly the two above requirements. For instance, portfolio quality is monitored by branch and product only, but not by client segment or portfolio quality data and trends are discussed only informally with no minutes taken or the provider takes decisions with significant delays.
Score ‘no’, if the provider does not offer restructuring/rescheduling or refinancing of loans or if neither senior management nor branch management take decisions upon the analysis of rescheduled and refinanced loans or the MIS cannot produce monthly automated reports on rescheduled and refinanced loans.

Sources of information

Interviews with Head of Credit, regional credit managers, and branch managers.
Interviews with the data analysis or business intelligence staff at head and branch office who analyze the data on restructured and refinanced loans.
The portfolio monitoring reports generated for management / MIS reports on restructured and refinanced loans.
The rescheduling/refinancing loan policy.
Interviews with credit staff at various levels to determine what is the policy and what is the practice with regards to rescheduling and refinancing loans.
The Loan Policy & Procedures manual(s) (or other document) that contain the institutional definition of client over-indebtedness.
The interviewer should also ask what steps, if any, have been taken by senior and branch management to address any concerns raised by the analysis of portfolio quality.

Evidence to provide

The description of the KPIs used to generate monitoring reports on loan portfolio quality at HQ and branch level and the frequency of these reports and by whom.
If applicable, the institutional definition of client over-indebtedness, and the loan manual(s) and page number where to find the evidence.
List which data is reported on, what the recent trend data shows, and how management uses this information.

Field Examples/implementation guidance

Partner Microcredit Foundation (Bosnia-Herzegovina) uses Internal Audit to detect lending practices that could increase client over-indebtedness. Internal auditors regularly visit all branches, and they use a random sampling technique to select clients to interview from each branch. Auditors visit two groups of clients, selected at random: the first group of clients includes all types of clients, while the second sample is selected from delinquent clients only. Each client responds to a detailed questionnaire that auditors use to detect procedural violations by loan officers. The questionnaires also solicit general information on household debt levels. By focusing specifically on delinquent clients, auditors can determine if and how policies or credit staff behaviors may have contributed to client over-indebtedness.

Resources for indicator 4.A.2.1

Monitoring Individual Repayment in Group Guarantee Mechanism

4.A.2.2 The provider defines PAR levels that trigger additional internal monitoring and response.

The provider’s risk management department/unit and/or Internal Audit should verify compliance with credit policies and systems on a regular basis. Monitoring by internal control/internal audit should check that field staff execute accurate repayment capacity analysis and other over-indebtedness prevention practices, like credit history checks and accurate collateral valuation. Internal auditors or compliance officers should also visit a representative sample of clients each year to crosscheck compliance through client interviews. Pay particular attention to branches with high PAR or where other risk factors are present, such as high client exit rates, cases of multiple borrowing, or renewals after early repayment. Additionally, where group members are responsible for loan appraisal, this monitoring is essential to ensure that the system is working, and that social collateral is not masking poor credit capacity analysis.

The provider should define a threshold for PAR that prompts closer oversight from Operations, Risk Management, and Internal Audit. This can also include recommended actions from Management at HQ and branch levels to help identify whether this PAR is a warning sign of client over-indebtedness. Responses can include reduced growth targets, more conservative loan approval criteria, and adjustments to staff incentives, etc.

Scoring guidance

Score ’yes’, if the provider must have clearly defined PAR levels which trigger (1) additional monitoring, (2) investigations of the causes of the high PAR by senior and/or branch management, and (3) responses at HQ and/or branch levels to resolve rising PAR.
Score ’partially’, if one of the three above requirements is missing.
Score ‘no’, if 2-3 of the above requirements are missing.

Sources of information

Interview with Operations at HQ and branch level.
Loan Policy & Procedural manual(s) or a memo or circular from Operations that defines the PAR thresholds that trigger additional monitoring, more in-depth analysis, and follow-up actions.
Interview with Internal Audit, Risk management.

Evidence to provide

Provide the source that specifies the PAR levels that trigger additional monitoring and the specified actions required by units at HQ and branch level, including the names of the relevant departments.

4.A.2.3 If the provider's total credit risk has averaged more than 10% during any quarter in the past three years, the provider has taken corrective measures.

Definition: Total credit risk is calculated as total PAR30 + 12 sliding-months write off ratio + all rescheduled /refinanced loans. This should not exceed 10% (except in times of crisis, such as Covid-1; justification for this high PAR should be provided).

If total credit risk has averaged more than 10% during any quarter in the past three years, the provider should put in place corrective measures to reverse the trend. In the case of declining portfolio quality linked to client non-repayment, consider whether one or more of the following corrective measures is appropriate:

Conduct a portfolio audit to understand the issues;
Reinforce compliance, internal controls, and or internal audits on lending practices;
Reinforce training of field staff on repayment capacity analysis;
Reduce amount of lending until the PAR can be brought under control; and/or
Increase measures to monitor context risks, understand client situations that can impact delinquency (economic/environmental/public health crisis, political activity, non-repayment crises in neighboring providers, etc.). In this case, find the best way to support clients (restructuring, access to term savings, etc.).

The provider should differentiate average PAR levels by region, and thresholds may vary by country. Whereas 5% PAR levels are considered great in some regions prior to the Covid-19 pandemic, below 1% PAR can be common in others.

Scoring guidance

Score ‘N/A’, if the provider had less than 10% credit risk in every quarter for the last 3 years.
If credit risk has been more than 10% in any quarter for the last three years, score ’yes’, if management has (1) monitored credit risk levels at least monthly and (2) implemented corrective actions for at least the past two consecutive quarters to adequately reduce it.
Score ’partially’, if management has met only partly the two above requirements. For instance, management has monitored credit risk levels less frequently than monthly or its corrective actions were not y adequate or lasted for less than the past two consecutive quarters.
Score ‘no’, if management has not implemented any corrective actions.

Sources of information

Reports that calculate credit risk on a quarterly basis, using the above definition (or the auditor’s own calculation, if reports are not available).

Evidence to provide

A statement about whether total credit risk has averaged more than 10% during any quarter in the past 3 years and, if yes, what the provider has done to address and improve this situation.
Explain any extenuating circumstances that would have triggered a sharp rise in PAR, such as a pandemic, a coup d’état, a natural disaster (hurricane, flood, earthquake), etc.

Resources for indicator 4.A.2.3

Standard 4B. The provider gives clients clear and timely information to support client decision making.

Providers communicate clear, sufficient, and timely information in a manner and language that clients can understand, so that clients can make informed decisions. The need for transparent information on pricing, terms, and conditions of products is highlighted. The provider must ensure that clients understand the information disclosed.

Resources for Standard 4B

This standard has 2 essential practices:

Essential practice 4.B.1: The provider is transparent about product terms, conditions, and pricing.
Essential practice 4.B.2: The provider communicates with clients at appropriate times and through appropriate channels.

4.B.1 The provider is transparent about product terms, conditions, and pricing.

Transparency on product information is vital for client understanding. When clients understand the products, they are buying and using, they are more likely to use them successfully. Client success is a major determinant for the health of the loan portfolio. Furthermore, client understanding helps build confidence and trust. The following transparency practices are recommended:

Product contracts should be in simple language without illegal clauses and not in fine print. If technical language is required by law, ensure that the Key Facts Documents are written in simple language.
For loans with a group guarantee or a guarantor, clearly define member and/or guarantor obligations, and communicate these to group members and guarantors in a way they can understand.
If the loan has a variable rate and/or is denominated in a currency different from the main currency of the client’s source of income (e.g., the client earns income in pesos and the loan is in USD), clearly explain pricing and cost scenarios to the client, including a pessimistic scenario in which exchange rates change and the loan is not worth as much money.
For clients using payment services, make sure that the documentation that lists all fees, terms, taxes, and cancellation conditions is provided at your agents’ locations where they facilitate payments. Such services include money transfers, bill payments, airtime top-up, and deposit withdrawal.

Resources for 4.B.1

4.B.1.1 The provider gives a Key Facts Summary Document to borrowers. The document contains the following information:

i. Total loan amount.
ii. Pricing, including all fees.
iii. Total cost of credit: all principal, interest, and fees plus cash collateral.
iv. Disbursement date and loan term.
v. Repayment schedule with principal and interest amounts, number, and due dates of all repayment installments.
vi. All deductions from principal disbursement (e.g.: first installment, commissions, fees, cash collateral, taxes), if applicable.
vii. How cash collateral / mandatory savings can be used in case of default, if applicable.
viii. Moratorium interest rates, terms, and conditions, if applicable.

The contract should always come with a one to two-page summary of the most important information, called the Key Facts Document, to summarize in an easy to find and easy to understand format the main information pertaining to the client’s loan. The Key Facts Document should be written in the local language and use simple forms of expression to convey the most important aspects of the loan in a way that clients with low levels of both literacy and financial literacy can understand and refer to in the future. Loan passbooks which are common in group lending usually serve as Key Facts Documents.

Scoring guidance

Score ‘yes’, if all borrowers receive a fully complete Key Facts Document per type of loan that contains the eight above listed information.
Score ‘partially’, if the Key Facts Document is missing one or two of the eight above listed information for any type of loan.
Score ‘no’, if not all borrowers receive a Key Facts Document and/or the Key Facts Document is missing three or more of the eight above listed information for any type of loan.

Sources of information

Loan contract(s), Key Fact Document(s), client welcome kit(s), in template form and a random sample of Key Fact Documents filled out for specific clients.
Branch/field Observations: Observe/listen to loan application and loan disbursement meetings in at least two branches and review any welcome kit materials that may be provided to clients in the moment of loan application and loan disbursement to see how this information is conveyed orally to clients who may not be literate or who will benefit from an oral reinforcement of the information contained in the Key Facts Document.
Interviews with loan officers and clients.

Evidence to provide

Reference to the Key Facts document of each loan type/product
Determination by the auditor about whether the Key Facts Document contains all the needed information (listed in the indicator) and/or what information is missing.

Resources for indicator 4.B.1.1

4.B.1.2 Loan contracts include the following information, as applicable to the product:

i. Grace period.
ii. Mandatory savings / mobile wallet amount.
iii. Automatic account debiting mechanisms.
iv. Linked products.
v. Member or guarantor obligations.
vi. Collateral requirements and seizing procedures.
vii. Consequences of late payment and default.
viii. Prepayment conditions: whether it is possible and how it affects the cost.
ix. Whether terms and conditions can change over time and how that would affect clients.

The loan contract should be written in the language that the clients speak and should be as short and simple as possible given the legal requirements of the country. The contract should be filled in completely with all nine above-listed information so that the client can fully understand her/his obligations and make informed choices. The client should receive a copy of the contract signed by both sides for her/his record.

“Consequences of late payment” refers to the penalties clients would pay, as well as the process the provider would take in case the client does not pay on time (e.g.: phone call, visit after x days…). “Prepayment conditions” and “how it affects the cost” refers similarly to penalties clients would pay.

Scoring guidance

Score ‘yes’, if all borrowers receive a complete Key Facts Document per type of loan that contains all the nine above-listed information.
Score ‘partially’, if the Key Facts Document is missing one or two of the nine above-listed information for any type of loan.
Score ‘no’, if not all borrowers receive a Key Facts Document and/or the Key Facts Document is missing three or more of the nine above-listed information for any type of loan.

Sources of information

The loan contract for each of the FSP’s main products.
Review a random sample of contracts for each type of loan to verify which of the nine above-listed information is shared uniformly.

Evidence to provide

Description of the loan contract, how it differs by product, if applicable, and which items are included in the contract and which are absent.

4.B.1.3 Loan contracts are available in the major local languages.

The goal is to make the loan contract accessible to the clients by sharing information in a way that they can access and understand, in the local languages spoken in the regions covered by the provider. The following recommendations apply:

If the country has multiple official languages, then the provider should have contracts available for clients in each of those official languages
If the clients speak one language and read another (because their native language does not have a written form), then the contract should be in the language that most clients know how to read.
If the clients speak and read a language that is not an official language of the country but is the language that many clients speak and read, then the contract should be in that language

Scoring guidance

Score ‘N/A’, if there is only one official language in which the large majority of people speak and write.
Score ‘yes’, if the loan contracts (1) are in the language(s) that most of the clients speak/read in at least 95% of all branch areas and (2) are available in all of the country’s official languages.
Score ’partially’, if the provider meets just one of the above two requirements, but offers loan contracts in the language(s) that most of the clients speak/read in at least 50% of all branch areas.
Score ‘no’, if loan contracts are offered in the language(s) that most of the clients speak/read in less than 50% of all branch areas.

Sources of information

Review of the loan contracts regarding languages used.
Interviews with field staff to understand the languages utilized by the provider.
Client interviews to verify whether the random sample clients do both write and speak the language of their loan contracts and Key Facts Documents.

Evidence to provide

Description of which languages the clients use and what languages the contracts are offered in as well as any activities the provider does to help make the contract accessible.

Note that is some countries, the number of local languages is important. In this case, the provider should explain how it ensures that all clients can understand their contract in the language provided.

4.B.1.4 The provider communicates product information in a way that supports informed decision making by clients.

4.B.1.4.1 The provider publishes basic product information, including pricing, at branch or agent locations, or digitally as applicable.

4.B.1.4.2 The provider communicates APR/EIR (or MPR if the majority of loans are under 3 months) in the Key Facts Summary and/or the loan contract.

4.B.1.4.3 The provider's communications are in simple local language; oral information is used for less literate clients.

4.B.1.4.4 The provider's marketing materials do not deceive or mislead clients.

The provider must give sufficient clear information at the right time to facilitate informed decision-making. Field staff should be trained (refer to 5.C.2.2.3) to discuss terms and conditions with clients on several occasions during the product sales and application process. Staff should know how to evaluate client understanding, for example, using a set of conversational questions that can indicate to the staff whether clients understand the information that has been shared with them and are able to apply it as they use their financial products.

Detail 4.B.1.4.1

The provider should make the main characteristics of its products (e.g., term, minimum and maximum amount, price, product purpose, terms etc.) of its products available to the public so that potential clients can make informed decisions about whether or not to buy the product. Prices should be published in the public domain (e.g., branch poster, website, agent’s shop etc.).

The clients must receive the information before they sign the contract and have as much time as desired to review the information prior to signing the contract.
Ideally, the client decides when to approach the provider to proceed with the process of committing to a product after having had enough time of at least 24 hours to review the information and consult with any trusted advisor(s).

Other forms of communication include radio and television advertisements, SMS messages, in App notifications, product descriptions, and illustrative examples of calculation on the provider’s website or mobile App, if applicable. This information should be published in all the places where clients go to receive information about the products on offer, for example if the FSP has branches, agents, and an App it should offer this information in all of those places. If the FSP does not have one or more of those venues for its clients e.g., fintechs that only have digital operations, then the provider should offer the information through the channel it uses to communicate with its clients, such as the App. For example, the information on the provider’s website is not a client facing channel, if only 5% of the country’s population has access to the internet. Likewise, if the App contains very clear and detailed information but it is not a sufficient disclosure, if only 3% of the clients have downloaded it.

Detail 4.B.1.4.2

For loans, information should be disclosed using either APR or EIR. For example, it is not sufficient if the brochure indicates a loan price of 2% per month without listing the APR. In addition to quoting the interest rate in APR or EIR, it is useful for clients to see the interest rate in the form most often used in your market (e.g., flat rates in MENA, CAT in Mexico, TCEA in Peru, TEAC in Bolivia, etc.). Pricing data must be regularly updated in all public communication channels and materials.

Detail 4.B.1.4.3

If the country is very linguistically diverse (e.g., India, Guatemala, Kenya), the provider should address linguistic diversity in a pro-client way such as by hiring loan officers that speak the local languages of the clients and can explain the official documents in those languages. The provider may also offer recordings of an explanation of the loan terms or Key Facts Document in various local languages and post those recordings in places accessible to the clients e.g., on TV screens in the branches or through the provider’s App etc. Sometimes, local written languages may be complex, compared to the usual way it is spoken. The internal audit team should ensure with its loan officers or with some clients that the way the contract is written is simple, even in local language.

The provider should have clear and specified procedures for treating low educated clients or clients with difficulties to understand (e.g. migrants) and employees should receive a training on how to communicate contract terms and conditions with all client segments.
It should use the simplest language possible to convey the product information to the clients by considering their low levels of literacy and financial literacy. Clients should always have an option to receive oral product explanations in case they are illiterate, such as a hotline, a customer representative at the branch, their loan officer, or a video recording.

Detail 4.B.1.4.4

The information made available to the public should be useful for client decision-making. Advertisements should not be misleading, but accurately present product terms and conditions.

Scoring guidance

Detail 4.B.1.4.1

Score ’yes’, if the provider offers basic product information that is (1) clear and sufficient (covering all aspects listed in 4.B.1.1 and 4.B.1.2), accurate, and up-to-date, and (2) delivered through multiple channels (at branch and agent locations and/or digitally) to support informed decision-making by clients before they sign contracts.
Score ’partially’, if the first requirement is not fully met or only one communication channel is used. For instance, product information is insufficient not covering all aspects in 4.B.1.1 and 4.B.1.2 or product information is not clear or product information is not updated regularly.
Score ‘no’, if the first requirement is largely not met (e.g. product information is neither sufficient nor accurate or clear) or product information is contradictory on different communication channels.

Detail 4.B.1.4.2

Score ’yes’, if the provider discloses clearly either APR or EIR in its Key Facts Document and/or the loan contract for all loan products.
Score ‘partially’, if APR or EIR is not disclosed for all loan products in the contract or Key Facts Document.
Score ‘no’, if APR or EIR is not disclosed in any loan contract or Key Facts Document.

Detail 4.B.1.4.3

Score ‘yes’, if the provider has integrated in its communication (1) simple language for all communication, contracts, and Key Facts Documents, (2) local languages, when applicable, and (3) oral language, when required.
Score ‘partially’, if the second or third requirement is missing or the three requirements are only partly met. For instance, contracts and/or Key Facts Documents are in complex language difficult to understand for clients.
Score ‘no’, if the first requirement is largely missed.

Detail 4.B.1.4.4

Score ‘yes’, if none of the marketing materials has proven to be misleading or deceptive for clients.
Score ‘partially’, if few marketing materials can be found to confuse clients.
Score ‘no’, if some marketing materials can be found to deceive or mislead clients.

Sources of information

Branch/field observations: observe/listen loan disbursement meetings; review any welcome kit materials that may be provided to clients in the moment of disbursement; visit agents or POS, if applicable. Additionally, listen to how branch staff and loan officers talk to clients and answer their questions to ensure that the oral communications also meet these criteria.
Interviews with field staff on how most clients receive their product information and check all the places to verify that in fact it is publicly available, in an appropriate language, and sufficiently complete and up-to-date to be useful.
Interview with random sample of clients.
All publicly available product descriptions: brochures, flyers, banners in the branches, website of the provider, accounts on social media.
Review of product application form, contract, the main product brochures, the Key Facts Document, the mobile app, the website, etc.
The procedures for treating illiterate clients and the training that employees receive in this regard.
Training materials (refer to 5.C.2.2.3) that describe how field staff should disclose product information to clients, any policy on transparency that may be included in the credit manual or another manual, potentially a documented process for communicating pertinent information to clients.
If the provider uses digital communication channels (e.g. website or App), request information on what percentage of the clients have access to those digital channels.

Evidence to provide

What type of information is provided and when is it provided, and if the information provided meets the criteria of being clear, sufficient, accurate and timely.
Demonstration that price information is publicly available and accessible to clients, and up-to-date.
Description of which pricing information is included and in which documents.
A description of the channels of communication that the clients can use to receive an oral explanation about the products on offer.

Resources for indicator 4.B.1.4.

Uganda regulatory Key Facts document
Egyptian regulatory Key Facts document
Key Facts Document Workshop and Example

4.B.1.5 If the provider uses agents, it verifies that they provide to clients sufficient documentation of their fees, terms of service, and cancellation conditions.

When agents are the only representatives of the provider to interact with the clients, and especially if the agents conduct sales for the provider’s products, the agents must provide the clients with the same level of product information and transparency they would receive from the provider itself. Customer Service or Internal Audit should have a process to monitor periodically the quality of the services provided by its agents.

Scoring guidance

Score ‘N/A’, if the provider does not use any agents.
Score ’yes’, if the provider (1) has a documentation shared with the agents to inform clients that is sufficient, clear, complete, and offered at the right time and (2) internal audit or customer services monitors regularly the agents’ compliance with this practice.
Score is ‘partially’, if the provider is not meeting one of the two requirements or is meeting both requirements only partly. For instance, monitoring of the agents is irregular or ad hoc.
Score ‘no’, if both requirements are not or hardly met.

Sources of information

Any policy documents or contracts that govern the relationship between the provider and its agents and describes the transparency practices and information sharing expectations that the provider has with regards to how the agents interact with its clients.
Agent monitoring process by the provider.
Field observations of agents’ interactions with clients.
Interviews with monitoring staff that visit agents and ensure they are complying with the provider’s expectations.

Evidence to provide

Reference the sections of the contracts or policy that describe the provider’s expectations regarding the agents’ disclosure of information to the clients.
Describe the system of monitoring that the provider has in place to ensure compliance with good practice among its agents.

4.B.1.6 If the provider offers savings, documentation includes the following:

i. Fees, including closure fees.
ii. Interest rate and how amounts will be calculated.
iii. Minimum and maximum balance requirements.
iv. Whether deposits are governmentally insured.

Transparency is also important for savings and deposits, including compulsory deposits and guarantee deposits held by the provider as part of the guarantee for the client’s loan product. The client has the right to know about the terms and conditions of the savings account and any fees or interest associated with the use of the account, e.g.: closure, withdrawal, below minimum balance, inactive account fees etc.

If the provider partners with any agent, the agent should offer the same documentation listed above. The provider should have a monitoring process in place to ensure that the agents comply with the level of disclosure described here.

How amounts are calculated refers to what basis is used for the interest rate calculation, such as daily balance or average balance over a given period, etc. In some countries, there is a regulatory requirement for providers to insure their deposits; in the event of a crisis, or of the provider’s bankruptcy, clients would still recover their deposits, usually up to a certain amount.

In the case of credit & savings cooperatives, transparency of the elected board members and the managers (often serving on an elected and rotating basis and working on a voluntary basis) towards the members correlates positively with the level of governance as outlined in Dimension 2. Members do often have savings, but also “share capital” which could be withdrawn similar to savings under specific emergency conditions faced by the member and her/his household concerned.

Scoring guidance

Score ‘NA’, if the provider does not offer savings or deposits.
Score ’yes’, if the provider discloses all four above-listed pieces of information, where applicable, related to its savings or deposit or current accounts.
Score ’partially’, if the provider discloses only three of the four above pieces of information or some information is missing for some savings products, where applicable.
Score ‘no’, if the provider discloses not more than just two of the four above pieces of information.

Sources of information

Saving contracts, Savings Key Facts Documents, saving products brochures and descriptions.
Client interviews to verify their understanding of their savings terms and conditions.
Interviews with the concerned staff, e.g., agents, field staff, savings product manager etc.

Evidence to provide

Reference of the documents provided to clients.
Description of which information is included and how it is disclosed to the clients.

4.B.1.7 If the provider offers payments, it gives the following information to clients who are initiating or receiving money transfers, or using other payment services:

i. Amount paid by sender, in sender's currency.
ii. Estimated exchange rate.
iii. Amount to be received in the destination currency.
iv. Fees.
v. Instructions for collecting payment.
vi. Cancellation conditions.
vii. Instructions for resolving errors.
viii. Transaction confirmation.
ix. Taxes.
x. Linked products (if any).

Definitions

Payment transactions can include bill payments and airtime top-up to mobile phone providers.

A bill payment is a money transfer to pay a bill. It can be scheduled on a predetermined date to pay for recurring bills.

An airtime top up is a payment made by a company to send a mobile recharge to a recipient’s pre-paid mobile phone call plan.

Linked products refer to any products that automatically come with the loan, such as credit life insurance premium, compulsory savings. If a compulsory savings is required to access a loan, this is considered a linked product and the terms and conditions must be specified in the contract (interest rate, accessibility of savings, whether the savings can be used in case of default).

The provider must clearly communicate all the ten above-listed type of information regarding payments services and transactions. The client should be fully aware of the amounts, fees, and instructions for transactions, whether receiving money, cancelling or confirming transactions, and whether there are conditions or limitations related to payment services.

Exchange rates are critical information for clients, as the differences between the amount sent and received can create confusion for clients using international transfers. Accordingly, the exchange rate at the time of transfer should be clearly indicated in the documents the clients receive upon sending and/or collecting the money. If the provider partners with any third party, the agent should follow the same rules listed above. The provider should have a monitoring process in place to ensure that the payment agents and third parties comply with the level of disclosure described here.

Scoring guidance

Score ‘N/A’, if the provider does not offer payments or money transfer services.
Score ’yes’, if the provider disclosures clearly all the ten above-listed types of information.
Score ’partially’, if at the minimum the first five of the ten above-listed types of information are disclosed clearly.
Score ‘no’, if not all of the first five types of information are disclosed or if the information is not clearly disclosed so that clients face challenges in comprehension.

Sources of information

Interviews with (1) staff who design the payment services, (2) agents that handle the payments, and (3) any staff that manage the relationship between the provider and the agents.
Signs, posters, receipts, brochures, and any documentation given to clients or being visible in the agent or branch where payment transactions are carried out that contains any of the ten above-listed types of information.
Interviews with clients who have used payment services, if possible.

Evidence to provide

Summaries of information from relevant interviews and documentation.

4.B.1.8 If the provider offers insurance, it gives clients the following information at the time of enrollment:

i. A certificate of coverage which states, at minimum, the premium, amount and term of coverage, who are the beneficiaries, which events are covered, any major exclusions, and when and how to file a claim.
ii. An explanation of the documentation required to prove damage, if applicable.
iii. Terms related to cancellation and prepayment, if applicable.

This indicator is applicable to both voluntary (or micro) and compulsory (mostly group or meso level) insurance. Group policies taken out by the provider in an agent-partnership agreement with an underwriter are bundled on a financial product, like loans ( credit life or credit life plus are the by far most common ones), savings or money transfer. Group insurance coverage apply to entire client segments: e.g. all active borrowers with a loan amount below 2000 USD for credit life (plus) or all agricultural loans below 1500 USD for agricultural input losses caused by flood and drought. Group insurance tend to be far more cost-efficient than micro insurance and are often the only affordable type of insurance for low-income clients.

The provider must ensure that clients understand fully their insurance terms and conditions at the time of enrolment, especially as insurance is a new product for many low-income clients. Insurance contracts may cause confusion due to the terminology, hence the provider is required to communicate all terms and conditions in simple language that clients can understand. For insurance bundled on a loan (or savings account), this information must be included in the related loan contract.

Features of the insurance product that should be shared with the clients include:

A Key Facts Document or certificate of coverage that includes the following information: (1) what are the events that are covered, (2) who is covered (such as, in addition to the client, his next of kin), (3) what assets and objects does the insurance plan cover, up to what amount, over what period of time, (4) whether there is any waiting period, etc.
The premium cost for the client, including all fees and taxes. In the case of a micro insurance products, the client has to pay the underwriter. In the case of an insurance group policy of the provider, the provider charges the client for the insurance coverage which is bundled on a loan or savings product.
List of excluded events (such as war actions, political turmoil or specific natural disasters; in the case of a life insurance, the most common excluded events are death by suicide or by a not disclosed terminal illness)
How to file a claim: whom to contact, period of time to file a claim, channels, where to find the claim form, documents required according to the claim type, how to follow up and how and in which timeframe the payout can be expected.
Beneficiaries (if there are beneficiaries beside the client) and what benefit would they receive.
Cancellation terms and conditions (penalties, fees, pro rata calculation, if applicable), what happens if the loan falls in default, etc.

Scoring guidance

Score ‘NA’, if the provider does not offer insurance services.
Score ’yes’, if the provider discloses clearly all three above-listed types of information.
Score ‘partially’, if at least the first type of information or most of the three types of information is disclosed clearly.
Score ‘no’, if most of the three types of information is not disclosed or the information is not clearly disclosed so that clients face challenges in comprehension.

Sources of information

Certificate of coverage or insurance contracts or other financial product contracts (on which group insurance are bundled) and the corresponding Key Facts Documents.
Documents given to clients upon enrolment, review client files.
Interviews with field staff, insurance agents (if applicable), insurance product manager.
Interviews with clients, if possible.

Evidence to provide

Reference to the insurance documents given to clients and key items shared with clients.

Resources for indicator 4.B.1.8

Smart Microinsurance-An Overview for Microfinance Institutions on Incorporating Client Protection Practices into Microinsurance

4.B.1.9 If the provider offers insurance, it provides beneficiaries with timely information during the claims process.

4.B.1.9.1 The provider notifies the beneficiary within 30 days of making a decision about the claim.

4.B.1.9.2 When the claim decision results in a settlement, the provider notifies the beneficiary within 30 days of the settlement. If the claim is denied, the provider notifies the beneficiary of the reason and gives an opportunity for appeal.

This indicator refers to the cases where the provider is either managing most of the insurance process (from sales, product explanations, client communication, premium collection up to the claims process) with the clients on a commission basis on behalf of an insurance company (referred to as agent-partnership model) or offering directly a credit life coverage (often referred to a social benefit fund) when there are non-enabling regulatory provisions for agent-partnership model. This indicator does not apply when the provider is just referring clients to an insurance company without any involvement in the insurance process.

This indicator is particularly important when the client is not the beneficiary (mostly a family member of the client) and the beneficiary may not know that the client had an insurance policy. For example, if the client dies, his/her spouse may not know s/he is covered under a credit life plus product. The provider should have a process in place to provide information to the beneficiary.

It is critical that when the client submits a claim, she/he receives regular updates on the status of the claim or, at a minimum, each time the claim progresses to the next step in the claim settlement process. The claim’s status can be:

New
Open
In process
Further documents / info needed
Processed, including the compensation amount awarded, how and when it can be expected
Rejected, including the reason for rejection, and any appeals process that may be available

Clients have the right to know the result of their claim in a timely fashion and to appeal the insurance company’s decision regarding their claims. Time frame should be listed in the insurance contract.

In case of settlement (being a payment that concludes a financial obligation): the provider should notify the claimant within 30 days with clear information on the compensation awarded, basis of the calculation, and how to collect the money.
In case of rejection: the provider should notify the claimant within 30 days with clear information about the reason of rejection; it should provide the client with an opportunity to appeal as well as channels that can be used to submit the appeal.

The provider should put this policy into practice and monitor its implementation. However, the provider should push the underwriter to decide on life insurance claims much faster, as clients often need the insurance pay-out immediately to cover funeral expenses. Depending on the business relationship, they could agree that the provider decides on claims settlement while the underwriter carries out regularly audits of a random sample of claims settled to control whether the provider complies with the terms and conditions of claims settlement.

Scoring guidance

Detail 4.B.1.9.1

Score ’yes’, if the provider has an effective system in place to notify all clients and/or beneficiaries within 30 days of making a decision about the claim.
Score ‘partially’, if there is any case where a client and/or beneficiary was notified only after 30 or more days of making a decision about the claim or if the provider does not have an effective system in place to notify clients and beneficiaries in time.
Score ‘no’, if many clients and/or beneficiaries were notified only after 30 or more days of making a decision about the claim.

Detail 4.B.1.9.2

Score ‘yes’, if the provider (1) notifies systematically all clients and/or beneficiaries within 30 days of the settlement and 2) offers an opportunity for all clients and/or beneficiaries to provide additional documentation or appeal the claim rejection.
Score ‘partially’, if the above two requirements are only partly met. For instance, the provider does not notify the clients and/or beneficiaries for all insurance products within 30 days or does not offer systematically to all clients and/or beneficiaries the opportunity to submit further documentation and/or appeal the claim rejection.
Score ‘no’, if the above two requirements are largely not met.

Sources of information

Insurance policy with the timeframe to settle a claim.
Interview with field staff, and with insurance agents, if applicable.
Interview with the product manager for insurance.
Interviews with clients that have had to file a claim, if possible.
Insurance claims process tracking system and the latest report on claims.
Insurance documents and related Key Facts Documents given to clients.

Evidence to provide

An explanation of the claims process and how the provider tracks claims and informs clients about the steps in the review process.
List the channels that are available for clients to submit information and those used to provide clients with information.
Explain what happens when a claim is rejected.
From the report on claims, what is the average time to process and settle a claim.

4.B.2 The provider communicates with clients at appropriate times and through appropriate channels.

Providers may provide full and complete product information to clients, but communicate it in a way that is difficult for clients to understand (e.g., complex legal wording, disclosing information in writing to illiterate clients). The way sales and product staff explain things to clients makes all the difference in whether clients can absorb the information and use it to make important decisions about their finances.

Clients should have time to review product information, to compare options, and to ask questions before making a decision. In order to do so, they need relevant product information at least 24 hours prior to signing a contract, opening an account, or making a payment. In practice, this means providing product documentation that clients can take home and review before the sale and prior to signing. The client must also have an opportunity to decline the product without being made to feel that they are already expected to sign the contract. The provider must inform clients before making changes to the terms and conditions specified in their contracts: for example, if the interest rate paid on savings changes or before their insurance policy expires, so that they are aware and have the opportunity to renew the policy and prevent a gap in coverage.

Furthermore, the provider must put in place a system for providing clients with accurate account information on demand. For some providers, an on-demand mechanism is delivered through online and/or mobile banking, which gives clients anytime access to their account information. Low-tech options include answering customer inquiries over the phone and in-person. Field and branch staff should have immediate access to up-to-date account information whenever they are interacting with the client. They should provide clients receipts—paper or digital (based on client capability and context) for all transactions. For loans with a group guarantee or a guarantor and group savings accounts, they should provide each member in the group or guarantor with total balance of the account at least quarterly.

Resources for essential practice 4.B.2

Svasti Transparent collections practices training document

4.B.2.1 The provider gives clients the opportunity to review the terms and conditions of products.

4.B.2.1.1 The provider offers a channel for clients to ask questions and receive additional information prior to signing contracts.

4.B.2.1.2 The provider gives clients notice and the opportunity to opt out before automatically renewing a voluntary product.

Clients need time to review product information, to compare options, and to ask questions so that they can make informed decisions. Clients should receive product documentation that they can take home to review and consult with a trusted person (e.g., spouse) before signing the contract. Twenty-four hours is a good rule of thumb for providing the client sufficient time to review the terms and conditions and ask clarifying questions before signing a contract. The provider should not pressure clients to commit to a product in less than 24 hours. Clients may choose to make quick decisions if they feel well informed. Additionally, the clients should not be made to feel guilty or ashamed if they change their mind or choose not to commit to the product.

To make informed decisions, clients need:

Sufficient time so they are not rushed
Channels and means to ask questions
Simple language they can understand

The channel for clients to ask questions can be a phone line to speak with the staff or a digital channel (such as a chatbot). The provider should offer multiple channels for clients to choose from: a website form, in-App messaging, a customer service representative at the branch, and a hotline or call center. The provider might offer leaflets or online Q&A information to cover most of the expected questions from clients, but this does not replace the clients right to ask direct questions to staff.

In case of product renewal, the provider should deliver advance notification, and give the opportunity to opt-out. A process should describe the period used for advance notification, the channels used, what is the timeframe given to the client to opt-out. Ideally the client should receive this notice at least two weeks before the renewal would take effect (and a remainder a week before), so that they can make a considered decision about whether or not to renew.

Scoring guidance

Detail 4.B.2.1.1

Score ’yes’, if the provider offers to all clients (1) all the contractual documentation upfront they are going to sign, (2) the explanations of the product terms and conditions in simple language that clients need for informed decisions (as related to previous indicators on transparency), (3) at least 24h to review the product/service offer, and (4) at least one channel for questions (the more channels the better).
Score ‘partially’, if the provider does not meet fully the above four requirements. For instance, clients do not receive the complete contractual documentation upfront or the explanations of the product terms and conditions are in complicated language difficult to understand for by some clients or clients are given less than 24 hours to review the product/service offer.
Score ’no’, if product terms and conditions are not understood by many clients or clients are not given any time to review the product/service offer or clients have no channel to access for questions.

Detail 4.B.2.1.2

Score ’N/A’, if the provider does not renew any voluntary product (deposits, insurance, debit cards, etc.) automatically.
Score ‘yes’, if (1) there is clear evidence that clients have an opportunity to opt-out and (2) clients receive notice at least 2 weeks before.
Score ‘partially’, if one of the two requirements are not met.
Score ‘no’, if both requirements are not met.

Sources of information

Transparency checklist, any checklist that field staff use to ensure they fully inform clients.
Leaflets or contracts or Key Facts Documents or other materials given to the clients to explain the product they are considering.
Branch/field observations:

Attend the process from sales to signing, to determine if the client has sufficient time and clear complete materials to review before signing.
Verify that clients are given the necessary time and information to understand and consider their options before they sign the contract.
Verify that they know how to get their questions answered before they signed the contracts, and they knew the channels that they could have used to ask question.

Renewal policy and procedure for each voluntary product.

Evidence to provide

Description of what type of documents are shared with clients.
Description of the communication channels used by clients to ask questions.
In the case of automatic renewals, relevant documentation (policies and procedures) and how the provider ensures client information and opportunity to opt-out.
Summary of relevant results from the random sample interviews with branch/field staff and clients.

4.B.2.2 The provider gives clients a completed, signed copy of the contract and makes the contract accessible anytime in an online account or in physical form.

As soon as a contract for a financial product is finalized, the client should be provided with a copy of the fully executed contract. This contract can be a physical or digital copy (depending on the context and the client’s preference), but it must be complete, with no blank space and signed by both the provider and the client.

In the case of digital loans, the provider saves the Key Facts Document and the loan agreement in a client account that the client can easily access anytime. This may be on a client's device or in hard copy, but internet links alone are not sufficient.

Scoring guidance

Score ’yes’ upon verification that (1) clients actually receive or know how to access their final complete contracts with no blank fields and signed by both parties and (2) in terms of being available at any time, the contracts can be given in physical form or it can be provided in digital form and stored in the clients’ accounts online, which clients could access through the mobile App, if this access is simple and understood by the client.
Score ’partially’, if the provider meets only one of the two requirements.
Score ‘no’, if the provider does not meet both requirements.

Sources of information

Transparency checklist, any checklist that field staff use to ensure they provide everything to clients.
All documents provided to clients.
Financial product policy & procedure manuals.
Interviews with concerned staff’ (trainers and loan officers).
Interviews with clients (to verify if they received their complete contracts).
Review of random sample client contracts.

Evidence to provide

Results from the document checks and from the interviews with clients and staff.

4.B.2.3 The provider gives clients clear and accurate account balance information in the following ways:

4.B.2.3.1 Providing access to their up-to-date loan or savings balance upon request.

4.B.2.3.2 Sending automatic messages to clients whenever there is an automatic deduction from the client account.

4.B.2.3.3 Providing receipts, on paper or electronically, for every transaction.

Clients have the right to understand their financial position in real time so they can best plan their financial transactions. The three details describe the ways in which the provider needs to share information with its clients or make it available to them upon request in either physical or digital form, depending on the provider’s capabilities and the clients’ preferences and capacities. All these elements should be provided with no additional fee for clients. If the provider considers it to be costly, then it should be integrated in the overall pricing strategy of products.

Clients should know the channels and means through which they can access their accounts balances / details. The main determinants here are:

Accessibility: the provider should offer multiple channels through which clients can receive information so clients can pick one that is convenient and accessible for them.
Accuracy: Up-to-date and accurate account information.
Timely information: clients should be notified about any transaction on their accounts, especially in the event of automatic deductions so they can plan their other transactions accordingly.
Documentation: providing clients with confirmations of transactions, whether through paper or electronic receipts is necessary.

Scoring guidance

This applies to both loans and savings products, and includes also payment services for 4.B.2.3.3.

Detail 4.B.2.3.1

Score ‘yes’, if the provider has an effective system in place that offers all clients access to their up-to-date loan and savings balances upon request via multiple channels.
Score ‘partially’, if the provider’s system to offer access to up-to-date loan and savings balances is not functioning very well or if client can access one channel only.
Score ‘no’, if the provider has no system in place to provide up-to-date loan and savings balances.

Detail 4.B.2.3.2

Score ‘N/A’, if the provider does not make automatic deductions from client accounts.
Score ‘yes’, if the provider sends automatic messages to all clients whose accounts were deducted automatically.
Score ‘partially’, if not all clients receive automatic messages about automatic deductions from their loan and savings accounts.
Score ‘no’, if the provider does not send automatic messages to clients upon automatic deductions from their loan and savings accounts.

Detail 4.B.2.3.3

Score ‘yes’, if the provider offers all clients receipts - on paper or digitally - for every transaction.
Score ‘partially’, if the provider offers receipts not for all types of transactions or not to all clients.
Score ‘no’, if the provider does not offer receipts for the transactions of clients.

Sources of information

Accounts management policy & procedures.
Branch/field observations and interviews with clients and branch/field staff to verify that this happens in practice.
Review of the mobile App, if applicable.

Evidence to provide

Description of how the provider communicates up-to-date account balance information with clients.
Description of the information available to clients and when the information is available by which channel.
Results from the interviews with clients and branch/field staff.

Resources for indicator 4.B.2.3

Gatsby Microfinance LTD. Provides Transparent Loan Information

4.B.2.4 If loan repayments are automatically debited from a client account, the provider sends clients a loan repayment reminder at least one day before loan repayments are due.

The repayment reminder is important so that the client can plan his transactions accordingly.

If the provider uses a third party to send SMSs to clients, the time frame for reminders and notifications should take that into account in case it delays delivery of the messages. The provider is required to verify the efficiency and the accuracy of the systems it uses to ensure that delivery of the notifications happens with enough lead time for the clients to take action and avoid any penalties. This also applies if the provider uses bank transfers based on agreements with clients and banks in which the clients have accounts.

Scoring guidance

Score ‘N/A”, if the provider does not apply automatic deductions for loan repayments by debiting client accounts.
Score ’yes’, if the (1) provider and/or its agent notifies all the clients of each automatic debit transaction (2) not later than 24 hours before loan repayments are due.
Score ‘partially’, if one of the two requirements are not met. For instance, not all clients receive a notification or client receive a notification within less than 24 hours of the automatic account debiting.
Score ‘no’, if the provider does not notify clients about automatic deductions for loan repayments.

Sources of information

Communication process /procedures (pay attention to the time frame conditions).
Channels used to notify clients about upcoming payments and/or deductions on their accounts.
Interviews with staff who handle payments, IT, and client reminders.
Interviews with client whose accounts have been debited to ensure that they are notified at least 24 hours before the due date.
Contracts with third parties, if applicable.

Evidence to provide

Reference to the part of the contract that covers this point in case of third-party agreement.
Results from observation, review of documents, and interviews with staff and clients.

Standard 4C. The provider enforces fair and respectful treatment of clients.

Providers and their agents must treat their clients fairly and respectfully. They will not discriminate. Providers will ensure adequate safeguards to detect and correct corruption as well as aggressive or abusive treatment by their employees and agents, particularly during the loan sales and debt collection processes.

Resources for standard 4C

This standard has 3 essential practices:

Essential practice 4.C.1: The provider's code of conduct requires fair and respectful treatment of clients.
Essential practice 4.C.2: The provider does not use aggressive sales techniques.
Essential practice 4.C.3: The provider protects clients' rights to respectful treatment during the loan collection process.

4.C.1 The provider's code of conduct requires fair and respectful treatment of clients.

Code of Conduct

An institutional Code of Conduct (or Code of Ethics) helps employees practice fair and respectful treatment of clients by defining clear standards of professional conduct that they must uphold. It should spell out expected behavior as well as the sanctions for violations of the Code. A written Code does not guarantee ethical conduct, but it is a first step toward formalizing an ethical organizational culture.

The Code should apply to all board members, managers, staff, and third-party providers (e.g., agents, debt collectors), to ensure that clients are protected when interacting with anyone working on behalf of the provider. All should sign it to formalize their agreement to abide by the ethical expectations described in the Code and receive training on it

The provider needs to train its agents, if they are not yet trained well by the third-party providers concerned on comparable Codes.

Training on the Code should use “real life” examples that highlight situations in which compliance with the Code may be difficult (e.g., when dealing with disrespectful clients; when asked by another staff member to commit minor fraud). For example, Sahayata Micro Finance Pvt. Ltd (India) uses “Customers’ Rights and Responsibilities Illustrations”—a series of simple pictures and texts that demonstrate five client rights and five client responsibilities, allowing trainees to discuss each scenario. Trainees are asked to read the card and decide which customer right is supported or violated by the behavior described. The cards are used to stimulate discussion among small groups of trainees and to test understanding of ethical behavior.

Non-discrimination

Few providers have a complete non-discrimination policy that protects all the types of clients. Most do not expressly want to deny clients’ rights, but they are unaware of how institutional policies and staff behavior affect certain clients or they know they need to have a non-discrimination policy, but certain protected categories are sensitive given the region’s religion or cultural norms and therefore have been left out, e.g., homosexuality. Providers should put in place a non-discrimination policy to make clear the its expectations and to standardize behavior across all employees.

Discrimination is different from targeting clients for inclusion in a program (e.g., loans to women, savings accounts for youth). Targeting generally corrects an existing problem of exclusion, whereas discrimination involves treating a client or potential client differently and less favorably based on personal characteristics or affiliations. Terms and conditions for individuals should only differ based on: 1) risk-based analysis (e.g., rural farmers in frequently-flooded areas might be deemed too risky, or loans might be less expensive for repeat clients with stellar repayment histories); 2) target markets defined in the mission statement (e.g., “our mission is to serve youth in urban areas”); or 3) accommodations based on special needs (e.g., a person with limited mobility repays monthly instead of weekly, given her difficulty getting to the branch). Such differentiation should be applied consistently and transparently.

4.C.1.1 The provider's code of conduct states the organizational values, standards of professional conduct, and treatment of clients that it expects of all employees, and defines the sanctions to apply in case of a breach.

Both, employees and clients must understand the determinants of professional behavior and what can be allowed and what is not allowed in the work environment, especially in client relationship management. The Code of Conduct/Ethics (or any similar document) is considered the basis for this, as it is a document that should be approved by the Board of Directors and must be circulated to all employees. Board members, managers, employees, and notably new staff, must be trained on how best to comply with the Code. The Code or another policy must spell out the sanction for violations reflecting the zero tolerance regarding any breach, considering the severity/level of the violation when determining the sanction. It serves as a warning to employees to prevent them from bad behavior.

Scoring guidance

Score ‘yes’, if (1) there is a written document approved by the Board that formalizes clearly (2) the provider’s expectations regarding ethical behavior and (3) the sanctions for breaches of these ethical standards, (4) managers and staff understand well the expected ethical behavior and the sanctions for breaches, and (5) the sanctions for breaches are enforced consistently.
Score ‘partially’, if the five requirements are not fully met. For instance, there is no written document or the staff understand the expected ethical behavior only poorly or the sanctions for breaches are poorly enforced.
Score ‘no’, if the provider has not defined (formally or informally) its expectations regarding ethical behavior and the sanctions for breaches of these ethical standards.

Sources of information

Code of Conduct: the document may have different names, such as Organization Charter, Book of Rules, Code of Ethics, Code of Conduct etc.
Sanctions policy for breaches of the ethical standards.

Evidence to provide

List the name of the document(s) that contains the 1) expectations of staff behavior and 2) the sanctions for violations of these expectations and summarize what they are.

Resources for indicator 4.C.1.1

Smart Campaign Smart Note on Compartamos

4.C.1.2 The provider's policies prohibit the following:

4.C.1.2.1 Corruption, theft, kickbacks, fraud

4.C.1.2.2 Client intimidation: using abusive language, using physical force, limiting physical freedom, sexual harassment, shouting at the client, entering the client’s home uninvited, publicly humiliating the client, using threats

4.C.1.2.3 Discrimination against all internationally recognized Protected Categories. [Note: Protected Categories are as follows: People over 40 years old; Sex; Race/ethnicity/national extraction/social origin /caste; Religion; Health status, including HIV status; Disability; Sexual orientation; Political affiliation/opinion; Civil/marital status; Participation in a trade union.]

Only by having an explicit policy in place can the provider ensure adherence by staff to these expectations, dissemination during trainings, and eventually control by Internal Audit.

As a complement to setting ethical standards of behavior with clients, the provider should have a client non-discrimination policy that prohibits discrimination on the basis of “Protected Categories” as defined by the International Labour Organization which include in particular ethnicity, gender, age, disability, political affiliation, sexual orientation, caste, and religion. However, some of these categories are not protected by law in some countries. For example, “caste” is only applicable in South Asia and does not need to be included outside that region.

In particular, unacceptable behaviors such as client intimidation should be clearly listed in an official document, to set clear expectations from staff, to be able to communicate them to clients (see indicator 4.C.1.3), and for Operations to have a reference for control and for Internal Audit to audit compliance.

Scoring guidance

Detail 4.C.1.2.1

Score ‘yes’, if (1) the provider has one or several written and clear policies (preferably approved by the board) that prohibit(s) corruption, theft, kickbacks, and fraud and outline(s) sanctions for each type and level of violation, (2) all employees are trained and aware of the policies, (3) compliance with the policies is checked and audited regularly, and (4) the sanctions are effectively enforced.
Score ‘partially’, if the above four requirements are not fully met. For instance, the policies are rather vague without defining clearly the actions prohibited and the corresponding sanctions or the employees are not fully aware of the policies or Internal Audit does not carry out compliance audits or the sanctions are not consistently enforced.
Score ‘no’, if the above four requirements are largely not met. For instance, lack of written policies and/or employees are largely not aware of it and/or compliance is not checked/audited and/or sanctions are not enforced.

Detail 4.C.1.2.2

Score ‘yes’, if (1) the provider has one or several written and clear policies (preferably approved by the board) that prohibit(s) client intimidation (like listed in the above detail) and outline(s) sanctions for breaches, (2) all employees are trained and aware of the policies, (3) compliance with the policies is checked and audited regularly, and (4) the sanctions are effectively enforced.
Score ‘partially’, if the above four requirements are not fully met. For instance, the policies are rather vague without defining clearly client intimidation and the corresponding sanctions or the employees are not fully aware of the policies or Internal Audit does not carry out compliance audits or the sanctions are not consistently enforced.
Score ‘no’, if the above four requirements are largely not met. For instance, lack of written policies and/or employees are largely not aware of it and/or compliance is not checked/audited and/or sanctions are not enforced.

Detail 4.C.1.2.3

Score ‘yes’, if the provider (1) has a written and clear Client Non-Discrimination policy that spells out all of the ‘Protected Categories’ (listed in the above detail), (2) has trained all employees on it, (3) controls and audits regularly compliance with this policy, (4) includes sanctions for breaches.
Score ‘partially’, if the above four requirements are not fully met. For instance, the policy is rather vague without defining clearly the ‘Protected Categories’ or the employees are not fully aware of the policy or compliance with the policy is not controlled and audited regularly.
Score ‘no’, if the above four requirements are largely not met. For instance, lack of a written policy and/or employees are largely not aware of it and/or compliance is not checked/audited.

Sources of information

Code of Conduct, HR policy, Client Non-Discrimination policy, loan collections policy, etc.
The document that contains the list of unacceptable behaviors in client relationship.
Check with Human Resources to verify if staff sign a document acknowledging that they have read, understood and agree to abide by these policies.
Employee files with confirmation that they have read and will abide by these policies.

Evidence to provide

Description / list of the unacceptable (and acceptable) staff behaviors towards clients.
The page number and name of the various documents where these lists are found.
The sections of the Code of Conduct / Collections policy / Loan Policy manual that cover corruption, intimidation, and discrimination.

Resources for indicator 4.C.1.2

4.C.1.3 The provider informs clients, verbally or in writing, about the prohibited behaviors found in the code of conduct.

Having a Code of Conduct alone is not enough to make the values “come alive.” The field staff need to be trained and monitored whether they comply with it. Field staff must be trained to inform clients consistently about the expected and unacceptable staff behaviors. Clients should understand of what staff behavior to expect and what is prohibited, so that in case they feel a staff is overstepping the boundaries, they clearly know they don’t have to suffer it and that they should report it to the provider.

Scoring guidance

Score ‘yes’, if (1) the written Code of Conduct spells out clearly expected and unacceptable staff behavior towards clients, (2) staff are well trained on and aware of it, and (3) all clients are verbally or in writing well informed about it. Preferably, clients are informed through both channels and staff is trained on how to explain it consistently to clients.
Score ‘partially’, if the above three requirements are not fully met. For instance, the Code of Conduct spells out expected but not unacceptable staff behavior or the staff is not well aware of it or the clients are not well informed or only some clients were informed.
Score ‘no’, if the above three requirements are largely not met. For instance, lack of a written Code of Conduct and/or employees are largely not aware of it and/or clients are not informed of it.

Sources of information

Any public material (e.g. branch posters or brochures) that explains client rights and expected and unacceptable staff behavior.
Transparency checklist, any checklist that field staff use to ensure they fully inform clients.
Staff orientation materials that discuss ethical/appropriate staff behavior and guidance for how to inform clients about the expected staff behavior.
Customer satisfaction / exit survey’s results.
Complaints’ reports.
Branch/field observations: how is this information conveyed to clients.
Interview with clients to verify whether they received this information.

Evidence to provide

References to the documents, oral explanations, pamphlets of customer rights and responsibilities.
Results from interviews with staff and clients.

Resources for indicator 4.C.1.3

Tujijenge Displays a Customer Service Charter

4.C.1.4 If the provider partners with third parties, it reviews the the third party's code of conduct prior to signing a contract to check for commitment to fair and respectful treatment of clients.

The goal of this indicator is to ensure that any external service providers are held to the same standards for fair and respectful treatment of clients as the provider. Third-party providers can be debt collectors, agent networks, MNOs, insurance companies, and other financial institutions such as commercial, development and microfinance banks, postal offices, etc.

Partnering with third parties or other service providers requires taking the necessary precautions to ensure that they share the provider’s commitment to client protection. The provider is directly responsible for verifying that the partners apply all necessary practices in terms of fair and respectful treatment of clients: the third-party provider is required to have a Code of Conduct - or any similar document - that governs the business conduct towards clients or their adherence to the provider’s Code of Conduct can be written into the contract that governs the relationship between the provider and the third-party provider.

This might require developing specific contractual terms for the partnership that cover client protection requirements. In some cases, providers can impose their own business conduct/ behavior and make it an integral part of the agreements and make additional efforts to train the third-party's staff on expected behavior towards clients. The two key questions are: (1) what is the policy/procedure that is in place for acquiring partners and third-party providers? and (2) how do providers confirm that all necessary steps have been taken so that the third-party providers comply with client protection?

In addition, it is the provider’s responsibility to monitor its external provider’s behavior towards its clients, including handling client complaints related to the services and treatment they receive from the third-party providers (refer to 4.E.3.3). The provider should review the Code of Conduct of third parties for commitment to respectful treatment of clients before they sign a contract.

Scoring guidance

Score ‘N/A’, if the provider does not use third-party providers in any of its processes.
Score ’yes’, if (1) the commitment to all expected rules for fair and respectful treatment of clients is part of the agreements between the provider and its third-party providers, (2) the staff of the third-party providers is well trained on how to treat clients fairly and respectfully, and (3) the provider monitors regularly the client treatment of its third-party providers.
Score ‘partially’, if the above three requirements are not fully met. For instance, the agreements between the provider and its third-party providers do not cover all expected rules for fair and respectful treatment of clients or the staff of the third-party providers are not adequately trained on how to treat clients fairly and respectfully or the provider does not monitor regularly the client treatment of the staff of its third-party providers.
Score ‘no’, if the agreements between the provider and its third-party providers fail to cover the expected rules for fair and respectful treatment of clients and/or the staff of the third-party providers are not trained on how to treat clients fairly and respectfully and/or the provider does not monitor the client treatment of the staff of its third-party providers.

Sources of information

All Contracts with third party providers.
Procurement / partnerships policies and procedures.
Interviews with managers of the relationships with the third-party providers.
Interviews with clients in relations with third-party providers, if possible.

Evidence to provide

All contracts between the financial provider and its third-party providers.
If available, quotes from the third-party providers’ Code of Conduct referring to fair treatment of clients.
Results from interviews with client and staff of third-party providers, if possible.
Results from internal monitoring systems.
Results from client satisfaction and exit studies.

4.C.2 The provider does not use aggressive sales techniques.

Aggressive sales techniques can be particularly damaging for low-income clients and those with limited financial capability, as they may be more likely to buy products due to sales pressure rather than because the product is a good “fit.” Aggressive sales can mean larger outreach and bigger portfolio, but it can also lead to higher rates of default and lower customer satisfaction when client’s end up with products they don’t need and/or do not understand. In recruiting new clients, the provider must never resort to deceptive or aggressive practices because it will not lead to healthy growth in the medium or long term.

Examples of aggressive sales include:

Putting pressure on a client to take a product she/he does not need/want like: calling every day, visiting the client’s home or business very frequently, following them in the street, etc.
Telling clients that there is a time limit on a specific offer (“you must sign today, because the price will go up tomorrow”).
Adding a side-product, bundled with a product the client has chosen, without informing the client (e.g.: adding an insurance without telling the client).
Continuing to pursue a client who has clearly declined a product.
Discouraging or preventing clients from consulting with a trusted person or from reading product information thoroughly (e.g.: the contract, etc.).
Intimidating or threatening the client (“if you don’t purchase life insurance, you are going to look like you don’t care about your family”).

Providers should define aggressive sales and put in place safeguards to prevent it such as monitoring and auditing staff compliance with expected behaviors by interviewing clients to ensure they were treated in keeping with the provider’s values and policies. The provider needs to ensure that it sets reasonable growth targets and uses incentives schemes that do not trigger aggressive sales. Providers should conduct market studies before setting growth targets, hence, sales should be within the acceptable growth targets and any sales outside the pre-set threshold, causes the provider to investigate.

4.C.2.1 The provider has internal controls to monitor whether employees or agents are engaging in aggressive sales.

This indicator’s goal is to ensure that clients are not pressured into buying products they do not need/want and/or do not understand simply because the field staff wants to meet his/her targets for sales or number of new clients. The first step in preventing aggressive sales is for the provider to define what “aggressive sales” means in their culture and context.

As a first layer of control, the Operations department should have means to control such behavior. Internal Audit or Risk department should also intervene when any indicators fall outside a set range. For example, higher than average amount disbursed could trigger visits to the loan officer’s newest clients to ensure sales were consensual.

Scoring guidance

Score ’yes’, if (1) the provider has defined what “aggressive sales” means and which clear indicators signal a risk of aggressive selling, (2) has effectively trained all branch/field staff on acceptable and non-acceptable sales techniques, and (3) is monitoring and auditing regularly the sales practices of the branch/field staff to identify any instances of aggressive sales based on the defined indicators.
Score ‘partially’, if the three above requirements are not fully met. For instance, no clear indicators are defined that signal a risk of “aggressive sales” or branch/field staff are not fully aware of acceptable and non-acceptable sales techniques or just limited corresponding monitoring and auditing.
Score ‘no’, if no indicators are defined that signal a risk of “aggressive sales” and/or branch/field staff are largely not aware of acceptable and non-acceptable sales techniques and/or no corresponding monitoring and auditing.

Sources of information

Document that contains the definition and the indicators that are used to monitor “aggressive sales”.
Interviews with branch/field staff on how sales are conducted, how difficult their sales targets are to reach, what are their commercial “tricks” to sell.
Growth targets, incentives' schemes and their related productivity ranges.
Sales prohibited behaviors.
Contents, methodology, and frequency of sales training.
Audit checklist.
Interviews with clients.

Evidence to provide

Provide the indicators that are used, and if any, the document where “aggressive sales” is defined.
Description of the monitoring mechanism, how often it is conducted, by whom.
Instances of “aggressive sales” identified.
Results from interviews.

4.C.2.2 The provider's incentive structure does not promote aggressive sales.

4.C.2.2.1 When front-line employees' salaries are comprised of a fixed and a variable portion, the fixed portion must represent at least 50% of total salary.

4.C.2.2.2 The provider monitors front-line employees' productivity ratios and investigates those that are above a predetermined threshold.

An incentive or bonus structure that encourages unrealistically high productivity can lead to “aggressive sales”. Pro-growth metrics take various forms including new clients, growth in number of loans, growth in size of portfolio, etc. Detail 4.C.2.2.1 ensures that employees are not dependent on incentives to secure enough income for basic survival, which could otherwise lead them to “aggressive sales” practices. This detail means that, at any point of time, incentives should account for a maximum of 50% of total salary and the fixed salary must be at least 50% (the higher the fixed share of total salary the better).

For loans, the incentives' structure should consider both sales and portfolio quality and preferably also the level of compliance with client protection practices. Portfolio quality should be at least as heavily weighted as growth, with growth represented by all the pro-growth variables used to calculate incentives. This ensures that sales staff will be careful as to disbursing loans that clients need and can repay.

Productivity ratios include at least (i) number and volume of disbursements per loan officer, (ii) number of active loans per loan officer, (iii) average loan size disbursed and outstanding, and any other relevant criteria. High performance may be due to an efficient loan officer, but it also could indicate over-selling to reach targets.

Scoring guidance

Detail 4.C.2.2.1

Score ‘N/A’, if the provides offer fixed salaries to branch/field staff and not a flexible incentives-based salary component.
Score ‘yes’, if the fixed salary of branch/field staff (1) is at least 50% of the total monthly salary at all times and also (2) represents at least a minimum living wage.
Score ‘partially’, if the first requirement is not met temporarily due to exceptional circumstances, like a new branch opening.
Score ‘no’, if the amount of bonus/incentive/variable salary actually paid to branch/field staff exceeds the fixed salary on a permanent basis and/or the fixed salary is below the minimum living wage.

Detail 4.C.2.2.2

Score ‘yes’, if the provider (1) has defined internal red flags for potential “aggressive sales” with clear indicators to determine if additional investigation is required, (2) monitors and audits branch/field staff productivity ratios on a monthly basis, and (3) has actually investigated and actions taken in case a red flag appeared.
Score ‘partially’, if the above three requirements are not fully met. For instance, no clear indicators for potential “aggressive sales” to trigger additional investigation or lax monitoring and auditing of branch/field staff productivity ratios or late/ineffective actions taken in case a red flag appeared.
Score ‘no’, if there are no indicators for potential “aggressive sales” to trigger additional investigation and/or no monitoring and auditing of branch/field staff productivity ratios and/or no actions taken in case a red flag appeared.

Sources of information

Incentives and staff performance evaluation policies and procedures.
Productivity ratios in the past year: number and volume of disbursements per loan officer, (ii) number of active loans per loan officer, (iii) average loan size disbursed and outstanding, and any other relevant criteria.
Conduct an in-depth analysis of at least 12 months field staff payroll to verify these percentages. Payments to field staff with breakdown of fixed salary and incentives and calculation of percentage of fixed salary / total salary.
Monthly branch reports on branch/field staff productivity ratios.

Evidence to provide

Description of the incentive schemes for branch/field staff.
Results of the productivity and payroll analysis.
Description of the red flags and monitoring process, how often and by whom.

4.C.3 The provider protects clients' rights to respectful treatment during the loan collection process.

It may be a challenge to convince some of the field employees to treat clients with fairness and respect during collections if this is perceived as weakness, complacency or a contradictory message to clients, or when they have the fear that there will lose options to get clients repay their loans. The provider must protect clients’ rights particularly during the challenging loan collection process by specifying clearly the ethical standards expected of employees during this phase of the credit process (including staff from third-party providers, if collections are outsourced).

Specify acceptable and unacceptable behavior

The Loan Policy & procedures manual(s) or a stand-alone loan collections manual should explain in-depth of what is acceptable and unacceptable behavior during collections and the steps to follow in the case of default, including the timeline (i.e., after how many days which specific action must be taken and after another x days what the following actions are). In addition to spelling out loan collection processes and identifying expected and prohibited treatment of clients, staff should receive training on both the policies and expectations as well as skills such as negotiating techniques, understanding clients, managing tensions, and reaching amicable agreements.

Put collateral policies in place

Delinquent clients have the right to fair and respectful treatment. The collateral seizing policy should specify when and under what conditions seizing collateral is appropriate. It should require that staff exhaust other options before moving on to collateral seizure and that they follow local laws (e.g., obtaining a court order). The policy should also prohibit staff from forcing clients to sell their own collateral to pay off their debt, as well as the practice of clients selling collateral to staff, agents, or anyone affiliated with the provider.

If the value of the seized collateral exceeds what the client owes (the outstanding principal + accrued interest up to 180 days + any penalty fees and legal costs), the difference must be returned to the client. Finally, if it is the provider's practice to keep collateral at branch offices, it must be kept in a locked room or secure area, and the location should be noted in the client’s contract.

It is important to make clients aware of collateral seizure processes before they take a loan. Doing so not only increases transparency for the client, but also creates greater accountability among staff, who will be aware that clients know their rights. The staff should allow the client to attempt to remedy the default. This policy applies to group and individual loans. In all client default scenarios, staff should not take any significant actions against the client (for example, collateral seizure) before taking the time to understand why the client has defaulted and discussing solutions for repayment. If seizure becomes absolutely necessary, it must be preceded by informing the client.

If using third-party agents to help in loan collections, the provider is ultimately responsible for the behavior of the agents’ staff who should be held to the same standards of conduct as the own staff. The provider should verify that the staff of the third-party provider(s) receive training on fair and respectful recovery practices. In addition, Internal Audit should verify a sample of clients delegated to third-party agents to ensure that collection practices in these cases were in compliance with the provider’s policy.

Put in place rescheduling and write-off policies

The loan collections policy should include guidelines for rescheduling or writing off loans. The policy should specify that rescheduling and write-offs should only happen on an exceptional basis, and not as a routine reaction to delinquency. List cases of specific examples of client distress that would call for rescheduling or refinancing (e.g., pandemics, major hospitalization, natural disasters, political turmoil, etc.) and those that would call for write off. As a further protection against over-indebtedness and abuse, assess client willingness to repay as part of the loan recovery process and require that rescheduling/write-offs are authorized by a higher ranked employee than the one proposing the rescheduling, refinancing, or write-off.

4.C.3.1 The provider's collections policy includes the following:

4.C.3.1.1 A list of appropriate and inappropriate debt collections practices, including collateral seizing practices.

4.C.3.1.2 A schedule for the collections process that allows time for the debt collector to determine the reasons for a client’s default and for the client to find solutions.

4.C.3.1.3 The provider informs the client prior to seizure of collateral, allowing the client to attempt to remedy the default.

4.C.3.1.4 A prohibition on sales of the clients' collateral to the provider, the staff of the provider, to their relatives, or to third parties involved in the seizing process.

Detail 4.C.3.1.1

The policy must define acceptable and unacceptable collection practices to clearly guide collection staff as well as the sanctions that will apply in case of a breach. It must prohibit the practice of forcing clients to sell its assets to repay their loans. The collateral seizure process should also be formalized so that clients are protected from staff overstepping their role and authorizations.

Detail 4.C.3.1.2

Understanding the reasons for the client’s defaults allow the provider to determine if it has contributed to the default (e.g. too much credit was given, incorrect loan capacity analysis, etc.) and whether the client is willing, but not capable, to repay. This knowledge allows the provider to determine an appropriate response to the client’s unique situation.

Detail 4.C.3.1.3

The clients’ collateral may be of great importance to their livelihood or wellbeing or income generating ability. The client must be given the opportunity to remedy the late payments prior to the seizing of the collateral with appropriate and advanced information. This fair treatment of the client will build loyalty and good will for the provider among the client, his/her family, and friends.

Detail 4.C.3.1.4

The provider should have a section of its Code of Conduct, in their employment contract, or in another policy that the staff signs about the importance of avoiding conflicts of interest. One of the types of conflict of interest that should be specified as prohibited is the sale of collateral to the staff or their friends and family in order for the clients to repay the provider.

Scoring guidance

Score ‘yes’, if a policy approved by the board (1) includes all elements listed above for each detail in clear language, (2) is understood fully by all staff concerned, and (3) is complied with by all staff involved in the loan collection process.

Detail 4.C.3.1.1

Score ‘yes’, if (1) a policy approved by the board lists appropriate and inappropriate debt collection practices, including the prohibition of forcing clients to sell assets , (2) all debt collection staff understand well the appropriate and inappropriate debt collection practices, and (3) comply fully with this policy.
Score ‘partially’, if the three requirements are not met fully. For instance, the policy is not covering all relevant appropriate and inappropriate debt collection practices or not all debt collection staff understand them well or limited policy compliance.
Score ‘no’, if there is no formal policy on appropriate and inappropriate debt collection practices exists and/or most debt collection staff hardly understand appropriate and inappropriate debt collection practices.

Detail 4.C.3.1.2

Score ‘yes’, if (1) a policy specifies the timeline and the step-by-step process to take for clients in default, including allowing sufficient time for the staff’s efforts to understand the reasons for the client’s default and guidance to identify when clients are willing but unable to repay and what solutions should be proposed to these cases, (2) all debt collection staff understand well this policy, and (3) comply fully with this policy.
Score ‘partially’, if the three requirements are not met fully. For instance, the policy does not cover all required aspects or is not specific enough or not all debt collection staff understand this policy well or only partially comply with it.
Score ‘no’, if there is no formal policy on the debt collection process and/or most debt collection staff hardly understand the debt collection process.

Detail 4.C.3.1.3

Score ‘N/A’, if the provider does not take any physical loan collateral.
Score ‘yes’, if (1) a policy stipulates that the client must be informed prior to the seizure of collateral to allow her/him to attempt to remedy the default, (2) all debt collection staff understand well this policy, and (3) comply fully with this policy.
Score ‘partially’, if the three requirements are not met fully. For instance, the policy is not specific enough or not all debt collection staff understand this policy well or only partially comply with it.
Score ‘no’, if there is no formal policy on the seizure of collateral and/or most debt collection staff hardly understand the process of seizing collateral.

Detail 4.C.3.1.4

Score ‘N/A’, if the provider does not take any physical loan collateral.
Score ‘yes’, if (1) a policy prohibits the sale of collateral of the client or her/his guarantor(s) to the provider’s staff, agents, or family, (2) all debt collection staff understand well this policy, and (3) comply fully with this policy.
Score ‘partially’, if the three requirements are not met fully. For instance, the policy is not specific enough or not all debt collection staff understand this policy well or only partially comply with it.
Score ‘no’, if there is no such formal policy and/or most debt collection staff hardly understand that they cannot sell the client’s collateral to themselves or friends.

Sources of information

The Loan Policy & procedures manual(s), the collections manual, the Code of Conduct, a documented process for collateral seizure, etc. Any of these documents or others is acceptable as long as it meets all the criteria of the scoring guidance.
Verify with clients and field staff that this is implemented in practice.

Evidence to provide

The name and page number of the policy or manual or other document where these debt collection practices are formalized and the verification of the application of the policies through observation and interviews with staff and clients.

Resources for indicator 4.C.3.1

4.C.3.2 The provider restructures or writes off loans on an exceptional basis, based on a list of cases of specific distress.

Loan restructuring and write off should not be an easy way out for poor repayment capacity analysis, but it should be offered to clients who are experiencing unexpected debt stress. The provider should have a policy or at least a formal process that defines:

A list of cases of specific distress under which clients can be granted rescheduling or refinancing or under which loans can exceptionally be written off (e.g., natural disasters, major hospitalization, political turmoil, etc.).
When these methods of last resort can be applied.
The eligibility conditions for granting loan restructuring, refinancing, and write-off.

The provider should always consider loan restructuring prior to seizing assets. In addition, loan officers must be aware of the possibility of offering loan restructuring to clients and provide those who meet the eligibility conditions with the information on how to apply. To avoid abusive use of restructuring by loan officers, the procedure should include the need for approval by someone higher up than the loan officer who conducts the restructuring process.

Scoring guidance

Make sure the scoring is consistent with the ones for 3.B.3.1 and 4.A.2.1.2.
Score ’yes’, if (1) a written document precisely lays out the cases of eligibility and conditions to be fulfilled for loan restructuring and write-off - one of these conditions is the approval by a supervisor, (2) loan officers are well trained on when and how to propose restructuring and write-off, and (3) regular monitoring and auditing of loan restructuring and write-off.
Score ‘partially’, if the three requirements are not met fully. For instance, the cases of eligibility and conditions for loan restructuring and write off are not specific enough or not all loan officers understand this policy well or only partially comply with it.
Score ‘no’, if there is no restructuring policy because the provider ‘never reschedules’ and/or written document on the conditions for loan restructuring and write off and/or loan officers do largely not understand this policy and/or if the provider takes legal actions against clients who have the will but not the ability to repay, without exploring the possibility of restructuring.

Sources of information

The Loan Policy & Procedures manual(s), collections procedure, write off policy, rescheduling policy.
Interviews with Head of credit and branch staff to gauge if practice differs from policy.
Review of the reports tracking restructured and written off loans.
Sample files from restructured loans.
Samples files from write off lists.

Evidence to provide

Provide the name of the document ruling loan restructuring and write-offs and describe the process and conditions. Provide examples of cases leading to restructuring and writing off loans.

Resources for indicator 4.C.3.2

Sample Rescheduling Policy

Standard 4D. The provider secures client data and informs clients about their data rights.

The privacy of individual client data is respected in accordance with the laws of individual jurisdictions as well as these international standards. Client data will only be used for the purposes specified at the time the information is collected from the client, or as permitted by law. Data security is a key component of confidentiality, especially in the digital age. The provider takes the necessary steps to ensure that client data is secure, including teaching staff and clients about the importance of data security and how to keep their information private.

This standard has 2 essential practices:

Essential practice 4.D.1: The provider maintains the security and confidentiality of client data.
Essential practice 4.D.2: The provider informs clients about data privacy and data rights.

4.D.1 The provider maintains the security and confidentiality of client data.

Providers have a responsibility to protect the privacy and confidentiality of the personal and financial information of their clients. Misuse of data such as client photographs, account numbers, and personal identification documents can have devastating effects on clients. If working with third-party providers that have access to client data—for example, insurance providers, payments agents, marketing firms—they should specify that they will maintain the security and confidentiality of client data. Monitor whether third-party contractors are honoring their commitment to data confidentiality, for example by inquiring about the security of their systems, interviewing clients about their experiences regarding data security (e.g., “Did the agent ask you to sign this privacy agreement?”), and testing the agent’s process through mystery shopping.

A process to safeguard data from misuse by former employees must be established like terminating the employee’s login credentials promptly at their departure, collecting all work equipment (laptop, building keys, etc.), wiping (erasing the information from) the employee’s personal devices (e.g., mobile phone) of company data, and other security precautions.

IT systems are also vulnerable to misuse calling for security measures to protect against unauthorized access to data—including passwords, access hierarchy, firewalls, and adequate software infrastructure. Change IT passwords periodically and structure access to data according to the position of the staff member accessing the data and their role. Additionally, back up IT systems daily, with at least one back-up stored securely off-site.

FUBODE (Bolivia) has a specific room assigned within each branch to store clients’ physical documents. Each of these rooms has smoke detectors, professional cameras, motion sensors, and fire-resistant filing cabinets to store clients’ physical documents. The room restricts access to only one staff member per branch. Additionally, the FSP invested an average of US $3,500 per branch to install in each branch surveillance cameras and a panic button for each cashier as well as an alarm system monitored by a third-party central office.

Information systems should ensure the security and privacy of client data by (1) restricting employees from taking home client files or copies of the databases, (2) keeping records of the names of staff who request and/or are granted permission to access client files outside of normal conditions (e.g., after working hours), (3) keeping hard-copy client files in a secure place, with controlled access. For example, FinDev’s (Azerbaijan) policy on data security states: “Loan contracts and copies of all other official documents regarding the client’s loan file are kept in iron cases in the room of finance manager. Other documents are kept in locked bookcases under supervision of respective loan officer.”

Plan for how to keep data safe in case of unplanned network downtime or emergency. A business continuity plan that covers several of the most likely scenarios—such as a security breach, network overload and slow down, or a natural disaster that shuts down power and connectivity—will help keep information safe during unexpected events when data could become vulnerable. Policies and procedures as well as IT systems such as firewalls and passwords help build the system necessary to ensure the safety of the clients’ data.

Finally, all product contracts should include a privacy clause that specifies how data will be used and protected. This clause should be included in plain language and prominently displayed in the contract—for example, not hidden in small print. it should also be included in the Key Facts Document. For savings products, it should be clear who has access to the client’s account; for credit products, clients should know whether their information will be shared with a credit bureau, or others, such as insurance companies or collections agents.

4.D.1.1 The provider has data security and confidentiality policies that cover the gathering, use, distribution, storage, and retention of client information.

Regardless of national regulation, providers should have a written privacy policy and procedures that govern the gathering, cleaning, processing, use, distribution, and storage of client information. The policy should explain how the privacy and confidentiality of client data is ensured.. It should specify the sanctions or penalties that will apply to any staff - also those who leave the organization - that violate the privacy policy—for example by misusing or misappropriating client data, leaking information, or exposing client data to third parties without client consent.

Scoring guidance

Scores ‘yes’, if the provider (1) has a written complete privacy policy (or formal documents) on how to ensure the confidentiality, security, and accuracy of clients' personal, transactional, and financial information covering the gathering, use, distribution, storage and retention of client information, (2) the staff understands well the privacy policy, and (3) the privacy policy is well enforced.
Score ‘partially’, if the three requirements are not met fully. For instance, the written privacy policy is incomplete or the staff does not well understand it.
Score ‘no’, if the provider has no written privacy policy (staff signing a confidentiality agreement upon hiring alone is no substitute!) and/or the staff is not aware of a privacy policy.

Sources of information

Review of privacy policies and processes that may be all in one document, or spread out in different operational manuals.
Interviews with IT department.
Check with field officers.

Evidence to provide

Specify the documents and page numbers where the policy addresses each of the components mentioned in the scoring guidance. Complete with feedback from interviews and potential breach in data confidentiality.

Resources for indicator 4.D.1.1

4.D.1.2 The provider maintains physical and electronic files in a secure system.

4.D.1.2.1 System access is restricted to only the data and functions that correspond to an employee's role ("least privilege" principle).

4.D.1.2.2 The provider controls employee use of files outside the office and the provider keeps records of the names of employees who request/are granted access to client files.

4.D.1.2.3 The provider defines a clear process to safeguard client data when employees leave the organization.

This indicator measures whether the provider and its staff keep client data in a secure system in line with the particular client data security practices required by the privacy policy. In particular, that safeguards are in place to prevent the theft and misuse of client data or identity by current and former staff, other clients, and external actors. The provider should also be protected against security breach, fraudulent access to its systems. Data security is critical to operational success and a positive reputation. Physical and digital data security are of equal importance and both must be planned for, implemented, and monitored to ensure client data is kept secure from misuse or exposure from internal and external actors.

Scoring guidance

Detail 4.D.1.2.1

Score ‘yes’, if (1) system access to client data is restricted effectively according to staff role and hierarchy and (2) the client data system access is monitored regularly.
Score ‘partially’, if the two requirements are not met fully. For instance, system access to client data is not consistently restricted to staff role and hierarchy or it is not monitored regularly.
Score ‘no’, if system access to client data is not restricted to both staff role and hierarchy.

Detail 4.D.1.2.2

Score ‘yes’, if the provider (1) controls effectively the use of files by staff outside the office, (2) keeps records of the names of staff who request/are granted access to client files, and (3) monitors regularly these two data use control systems.
Score ‘partially’, if the three requirements are not met fully. For instance, the log book for files taken out of the office is not consistently applied by all staff or the application of the log book is not monitored regularly.
Score ‘no’, if the provider lacks one or both control systems of client data use by staff.

Detail 4.D.1.2.3

Score ‘yes’, if the provider (1) has a clear effective process to safeguard client data from terminated or departing staff and (2) monitors regularly this process.
Score ‘partially’, if the two requirements are not met fully. For instance, the process to safeguard client data from leaving staff is not effectively implemented (e.g. not timely on the very day of departure) or it is not monitored regularly.
Score ‘no’, if the provider has no system to safeguard client data from leaving staff.

Sources of information

Branch observation of how employees access physical and electronic client files.
Interview with the IT Director or MIS manager.
Document listing the MIS profiles and their corresponding levels of access (authority matrix).
Any document ruling the circulation and safeguarding of physical client files.
HR and IT process at employee departure/ termination of contract.

Evidence to provide

Specify what types of systems are in place to ensure client data security.
Description of the monitoring process of logs to electronic systems, to client files and to safes.
Describe the process at the departure of an employee.
List documents and pages for each of the three details above.

Resources for indicator 4.D.1.2

Smart Campaign’s Smart Note on Caja Morelia

Field Example

Equitas Protects Client Data

Equitas (India) was the first MFI in India to have a core banking solution, TEMENOS-T24. This product is an extension of T24 Banking software, developed specifically for microfinance and the community banking sector. Client information is highly secured and well protected in TEMENOS, with defined user access and passwords. All back-office employees are trained in the usage of this system. Branch staff do not have access to client data, except what is necessary to handle collections through the collection sheets. Equitas has a distinct client filing system and safe storage of the client information files. Soft copies of client files are stored in the software while hard copies of client files and loan documents are coded, stacked, and kept secured at a data warehouse in Chennai. Equitas invests regularly in IT audit and maintenance to review client security.

4.D.1.3 The provider conducts a risk assessment to identify the data-related risks to clients. Minimum frequency: annual

The indicator measures whether client risks related to data security are identified and managed proactively to ensure that all necessary security and privacy controls are in use and updated at least annually. The risk assessment should identify any weaknesses in information security and privacy controls. If operations are significantly digitized then it should be done more often than once a year. A data risk assessment is also necessary when introducing a new product or feature, or after a data breach, to document lessons learned and improve controls and reduce the likelihood of a similar breach in the future. If the provider has not qualified staff (risk management department or audit) for data risk assessments, it must contract external specialists.

Scoring guidance

Score ’yes’, if the provider has conducted a (1) qualified regular client data risk assessment during the past 12 months, but preferably during the past 6 months when operations are significantly digitalized, and (2) qualified specific client data risk assessment following a data breach or the introduction of a new product or feature.
Score ‘partially’, if one of the two requirements are not met fully. For instance, the data risk assessment(s) is(are) not fully qualified or the last regular client data risk assessment has been conducted within the past 12 to 18 months only.
Score ‘no’, if the provider does not carry out regular client data risk assessments every 18 months or its client data risk assessment(s) are of poor quality.

Sources of information

Interviews with Risk Management department or Internal Audit department.
Annual plan for risk / audit / IT.
Data security policy or privacy policy.
Data risk assessment reports.

Evidence to provide

Description of who conducts the data risk assessment and how often.
Summary of the results of the most recent data risk assessment.
Page from the Risk department or Internal Audit department annual plan that requires the risk assessment.

4.D.1.4 If the provider works with third parties that have access to client data, the provider's agreements specify that third parties will maintain the security and confidentiality of client data.

Third parties must be held to the same standards of preserving security and privacy of client data. Any third party that gets access to clients’ information—credit bureau, agent network, insurance company, collection agencies, mobile operators etc.—must also keep client data secure and confidential. NDA (non-disclosure agreement) should be signed or should be part of the full agreement/contract with third parties. The non-disclosure agreement must cover expectations related to security and confidentiality of the clients’ data.

In the specific case of a credit bureau, the confidentiality needs to be addressed within the framework of what credit bureau are authorized to disclose. In any case, security of client data remains an important element to cover.

Scoring guidance

Score ‘N/A’, if the provider does not use any third parties.
Score ’yes’, if the provider (1) has agreements with third parties that cover the security and confidentiality of client data (or has corresponding non-disclosure agreements) and (2) monitors regularly compliance with client data security and confidentiality by the third parties and (3) no breach has been observed during the past year.
Score ‘partially’, if the first two requirements are not met fully. For instance, the agreements (or non-disclosure agreements) with third parties do not cover all the data security and confidentiality standards of the provider or compliance by all third parties is not monitored regularly.
Score ‘no’, if the provider’s agreements with third parties lacks its data security and confidentiality standards and there are no such non-disclosure agreements.

Sources of information

Review agreements with each third party.
Procurement policy/procedures.
Interviews with clients, if possible.

Evidence to provide

List all the third parties that may have access to client data and verify whether there is a privacy clause or NDA.
Provide a sample of the language in these agreements with third parties.

4.D.2 The provider informs clients about data privacy and data rights.

Providers should be careful stewards of clients’ personal and financial information to build trust with clients and a reputation as a responsible actor in the sector. Especially with the rise of digitalization, the protection of the security and confidentiality of client data becomes a much more extensive and intensive undertaking. Digital channels make control of the clients’ data more difficult because the provider can no longer rely on the safekeeping of the physical files to be enough to ensure its safety. In some markets this has been an issue for a decade while in other markets digitalization has only proliferated since the COVID-19 pandemic. However, no matter where the provider is in its journey toward digitalization, it is important to take staff and clients along on that journey by providing sufficient digital education so that both staff and clients have the necessary tools and knowledge to keep their personal and financial information safe.

Starting at the time of application, the provider should obtain client consent before sharing personal information with any external audience, including credit bureaus, family members, guarantors, insurance agents, collections companies, and marketing material (e.g., annual reports, website), or other public content. This encourages a relationship of trust and respect. For instance, the provider requires clients to name one beneficiary for their life insurance policy so as to safeguard the clients’ account from all other people who have not been named as the beneficiary.

When talking to clients, emphasize the clients’ own responsibilities for keeping data private, such as storing records in a secure location and not sharing personal identification numbers (PINs). Finamérica (Colombia) publishes a brochure for clients112 with tips for information security, including the following: avoiding bank employee impersonators, avoiding robbery, keeping debit cards secure, protecting personal information, and how to contact the bank if a security problem is detected.

Resources for 4.D.2

4.D.2.1 The provider explains to clients how it will use client data, with whom it will share the data, and how third parties will use the data. The provider receives clients' consent before using or sharing their data.

This indicator measures whether the provider has sought an environment of informed consent with its clients on the collection, use, and sharing of the client’s personal data. The sales process should include a clear explanation of how client data will be used or shared. If third parties such as the credit bureau, or an insurance company receive any piece of client information, clients need to be aware who will receive what information, and for what specific purpose these third parties use the data.

Examples of data sharing:

Reporting client data to credit bureaus.
Using client data for marketing, (client personal/individual data, stories and picture, quotes, satisfaction survey results....).
Selling client data to third parties.
Delegating collections of delinquent loans to specialized collection agency.
Using client geo-location data.
Using client personal data to inform loan decision (apps that look into your social networks, your contacts, your pictures...).

Scoring guidance

Score ’yes’, if the provider has an effective process in place to clearly inform all clients about (1) how it will use their data and (2) with whom and for what purpose it will share their data (3) PRIOR to the client’s signing of the contract/consent document and (4) monitor regularly the effectiveness of this process.
Score ‘partially’, if the four requirements are not met fully. For instance, the provider provides this information in full, but AFTER the client signs the contract, or the provider only informs the client to consult the credit bureau without mentioning that her/his own loan information and status will be shared.
Score ‘no’, if the provider fails to explain systematically to clients how and with whom it will use their data.

Sources of information

A template contract and/or a sample client loan application.
Listening to the sales pitch, contract signing, and disbursement to hear how staff address the issue of data privacy and consent.
Client interviews to gage their understanding of the use and/or sharing of their data.

Evidence to provide

Note when the data sharing is explained, and how, and how well clients understand the use and sharing of their data.

4.D.2.2 Information about data use and consent is easy for clients to understand.

4.D.2.2.1 When requesting consent from clients to use their data, the provider explains in simple, local language, either in writing or orally, how it will use the data.

4.D.2.2.2 The provider trains clients on the importance of protecting their personal information including Personal Identification Numbers (PINs), savings account balances and information on repayment problems.

4.D.2.2.3 The provider gives clients the right to withdraw their permission to use data and explains any consequences of withdrawal.

In addition to having secure internal systems for keeping client data safe, the provider must be completely transparent with clients about how (and by whom) their personal information will be used, and must get their consent before using or sharing their data. In the case of credit bureau consent, the provider has to explain both: (i) consultation of the client’s credit history and (ii) reporting the client’s credit information to the credit bureau. The client must give her/his consent at time of application since the credit bureau check will be done before signing the loan contract. The provider must also allow clients to retrieve and delete their data from the systems (right to oblivion), especially when a client opts out of a service. This is specifically important with digital financial service providers who may have access to external and private data from the client’s device.

Especially in cases where clients’ have low levels of literacy it is important to provide a clear and systematic explanation and confirm through Q&A that the clients understand the information imparted.

Scoring guidance

Detail 4.D.2.2.1

Score ‘yes’, if the provider has an effective process in place to (1) explain in simple, local language, either verbally or in writing, to all clients about how their data will be used when requesting their formal consent to use their data and (2) monitor regularly the effectiveness of this process. Note: Internet links to disclosure statements are not sufficient.
Score ‘partially’, if the two requirements are not met fully. For instance, not all clients are well informed about their data use (like group loan borrowers who missed the initial group meeting) or not enough effort is given to explain the data use to clients with low formal literacy levels or no regular monitoring on whether all client segments do understand the use of their data.
Score ‘no’, if the provider fails to meet the first or both requirements. For instance, a significant number of clients do not understand how their data is used and/or the provider informs clients only by internet links to disclosure statements.

Detail 4.D.2.2.2

Score 'yes’, if the provider has an effective process in place to (1) train all clients on the importance of protecting their personal information and on how to protect it, incl. Personal Identification Numbers (PINs), savings account balances and information on repayment problems, and (2) monitor regularly the effectiveness of this process.
Score ‘partially’, if the two requirements are not met fully. For instance, not all clients protect well their personal information or not enough effort is given to explain on how to protect their personal information to clients with low formal literacy levels or no regular monitoring on whether all client segments do understand on how to protect their personal information.
Score ‘no’, if the provider fails to meet the first or both requirements. For instance, a significant number of clients do not understand on how to protect their personal information and/or clients are neither systematically informed about the importance of protecting their personal information nor on how to protect it.

Detail 4.D.2.2.3

Score ‘yes’, if the provider has an effective process in place to (1) inform clients of their right to withdraw their permission to use their data, (2) explain any consequences of withdrawal, and (3) monitor regularly the effectiveness of this process. The right to withdraw access to data and what consequences come with withdrawal of data access should be included in the contract, or provided on any publicly available material, so that the clients can refer to it later.
Score ‘partially’, if the three requirements are not met fully. For instance, the provider informs clients only orally about their right and the consequences of withdrawing their permission to use their data or some clients have not been informed for whatever reasons about their right and the consequences of withdrawing their permission to use their data.
Score ‘no’, if the provider fails to meet the first two or all three requirements. For instance, a significant number of clients are neither aware of their right to withdraw their permission to use their data nor of the consequences of the withdrawal.

Sources of information

Contract template; loan application form; consent form (credit bureau, insurance, digital information accessed on the mobile, etc.).
Review of a few client files.
Interviews with clients and field staff.
listening to the sales pitch and signing stages of the credit process.
Check if this topic is covered in the training offered at group meetings or during the disbursement of individual loans.

Evidence to provide

Describe how each of these topics are addressed, by whom, in what format, and at what moment of the sales and signature process.
Results from interviews.

4.D.2.3 The provider notifies clients of their right to review and correct their personal and financial data.

Client data is personal and ultimately belongs to the client. The provider must have an effective system for updating clients’ data and informing them about their right to review/update their data and educate them on the importance of maintaining accurate information.

Scoring guidance

Score ‘yes’, if the provider has an effective process in place to (1) inform all clients about their right to correct and update their personal and financial data, (2) facilitate clients in correcting their data in convenient and effective ways, and (3) monitor regularly the effectiveness of this process.
Score ‘partially’, if the three requirements are not met fully. For instance, not all clients are informed about their right to correct and update their personal and financial data or clients face technical challenging in correcting their data.
Score ‘no’, if one of the first two or both requirements are not met. For instance, most clients are not aware of their right to correct their personal and financial data and/or most clients fail in correcting their data.

Sources of information

Observation of staff communication with clients.
Policy / process for updating/verifying clients’ data.
Interviews with customer service, MIS or database management etc.
Interviews with clients.

Evidence to provide

Description of data processing and review system.
Description of campaigns to update client data.
Results from interviews.

Standard 4E. The provider receives and resolves client complaints.

Open lines of communication between the provider and its clients are essential to building trust, resolving issues, and improving products over time. Providers should have multiple channels by which their clients can reach them to report a complaint. However, it is vital that managers and staff recognize that clients call or write for a variety of reasons aside from complaints e.g., with questions, to request additional products, to make suggestions, to request assistance, etc. A Complaints Handling Mechanism constitutes various convenient and affordable channels of communication to connect the provider to its clients for the benefit of both the clients and the provider. Staff should not see it negatively as a convenient way for clients to complain about staff.

This standard has 3 essential practices:

Essential practice 4.E.1: The provider has a complaints mechanism that is easily accessible to clients and adapted to their needs.
Essential practice 4.E.2: The provider resolves complaints efficiently.
Essential practice 4.E.3: The provider uses information from complaints to manage operations and improve product and service quality.

4.E.1 The provider has a complaints mechanism that is easily accessible to clients and adapted to their needs.

Providers must have a Complaints Handling Mechanism that allows clients to raise issues, make complaints, and ask questions. An effective mechanism allows for a timely response to clients, and it enables providers to address both individual and systematic problems. It empowers clients to deal with questions and problems, making it more likely that they will be informed, confident consumers. It also gives providers the opportunity to resolve questions and complaints before they interfere with client loyalty and retention. Many issues are fairly simple to resolve—for example, questions about insurance benefits or complaints about a non-responsive ATM—and are not worth losing clients. Responsiveness of the providers also makes it less likely that dissatisfied clients hurt their reputation in the market.

Whatever mechanism(s) chosen, providers must put in place a specific complaints policy that includes the following elements:

Resolution procedures: Define how to manage and resolve complaints, including what types of complaints can be handled by the person receiving the complaint (loan officer, branch manager), and what types should be referred to designated complaints personnel or management.
Reporting system: The system should ensure that employees register all complaints—for example, by using a numbered register or tracking in a database that allows to follow the case through to resolution, and to analyze complaints in aggregate.
Communication with agents: If clients have complaints about a third-party provider or agent (e.g., external collections agency, insurance company, digital POS), clients should be able to complain directly to the third party OR to you. Ask the external provider for access to client complaints made by clients. Clients see third-party providers and agents as an extension of their providers, so it is important to know about client complaints against the third-party providers. If third-party providers will not share an aggregated monthly list of the complaints against them, then the providers should train their clients to complain about the agents directly to them.
Defined timelines: quick responses to client complaints, ideally within 24 or 48 hours for most complaints and questions and within no more than a month of submission for serious/complicated cases. Resolution time should be based on the severity of the complaint. Many issues can be resolved on the same day they are raised. These issues include the “frequent questions/complaints” that all employees are authorized to handle. Others will require follow-up and investigation, such as accusations against an employee or problems using a product or service. Create a timeline for complaints resolution, including realistic but responsive timeframes for dealing with these different types of issues.

The Complaints Handling Mechanism refers to the process of recording a complaint in a database, recording the steps taken toward resolution, and documenting the final resolution. This process must facilitate analyzing the database of complaints to assist the provider in identifying trends and provider-wide issues. This process should be as automatic as possible. For example, each complaint is recorded in an internal database and is automatically assigned a reference number. Additional database entries are recorded when that complaint is “in process” (e.g., being reviewed by an Ethics Committee), and when it is resolved. The database should allow providers to easily aggregate complaints from all different channels and analyze them by type (e.g., loan questions, employee misconduct, problems with infrastructure), location, and other relevant factors. Ideally, the database will also generate reports on complaints trends – these should be shared with management and the board on a regular basis.

Inform clients on their right to complain

Inform clients of their right to complain and explain to them how to use the complaints mechanism(s). Provide a verbal explanation during the product application process—for example, at the time of the application interview, orientation sessions, and/or disbursement. At the same time, prominently display written information on how to submit a complaint in branch offices (posters, brochures) and/or in product documentation. For example, Equitas (India) prints on each client passbook phone numbers for the following people/agencies: Equitas’ CEO’s office, Equitas’ internal ombudsman, and the national regulator.

Make sure clients know how to bypass a particular staff member, especially their loan officer, to make a complaint—particularly if the complaint is related to that person. Also, inform clients about complaints mechanisms available outside of their providers, for example national networks, local ombudsman, or a self-regulatory organization such as a consumer protection organization.

The Complaints Handling Mechanism should make it possible for staff to inform clients when a complaint is resolved, and to stay in touch along the way if the resolution process requires client involvement or is taking a longer time. Clients should also be able to follow up on their complaint, if they have a question during the resolution process.

Research Indicates that Clients are not Informed on Complaints Mechanisms

Train employees

Provide training to employees on how the complaints mechanism(s) works. The training should cover how the complaints mechanism(s) works, the role of complaints staff, how to appropriately manage complaints until they are resolved, and how to refer them to the appropriate person for investigation and resolution. While all employees should memorize the customer service hotline number, for example, many other aspects of the training should be position-specific, as complaints handling responsibilities vary dramatically across the organization. For example, loan officers may be responsible for informing clients about the mechanism during orientation, referring clients to it during the loan cycle, and reminding clients about it during group meetings. The training (and the staff book of rules) should be very clear on the importance of using the mechanism(s) correctly, and it should specify sanctions for staff that will fail to report a complaint.

Verify that third parties (e.g., agent network managers) train their own representatives on how the complaints mechanism(s) works, the role of complaints handling staff, how to appropriately manage complaints until they are resolved, and how to refer them to the appropriate person for further investigation and final resolution.

4.E.1.1 Clients have a way to submit complaints to persons other than their loan officer/product officer and that person's supervisor.

The Complaints Handling Mechanism should allow clients to circumvent the person who is managing their product. For example, a borrower should be able to bypass loan staff and complain to a customer service representative, and a client sending payments should not have to complain to the sending agent, but rather have the option of calling a help line. Such mechanism protects clients from retaliation, burial or mishandling of the complaint. Most clients would rather suffer in silence than risk losing access to their financial products and services.

Scoring guidance

Score ‘yes’, if the provider (1) offers at least one convenient channel by which clients can submit complaints that allows them to circumvent their primary point of contact (e.g. their loan officer) and (2) monitors regularly the effectiveness of such channel(s) of the Complaints Handling Mechanism.
Score ‘partially’, if the two requirements are not met fully. For instance, only few clients use this channel or any other channel of the Complaints Handling Mechanism or the channel is not functioning well (e.g. hot line number is mostly busy) or the complaint response time is longer than indicated.
Score ‘no’, if clients can only submit complaints to their primary point of contact.

Sources of information

Complaints handling policy – complaints channels.
Interview with the complaints or customer service manager.
Interview with clients.

Evidence to provide

Description of all the channels by which clients can submit their complaints without going through their direct contact in the provider.

4.E.1.2 The provider has at least two complaints channels that are free of charge and accessible to clients.

The Complaints Handling Mechanism(s) should be adapted to clients’ needs and preferences, and it should be easily accessible for the majority of clients. Usually, this requires both a cost-free number that clients can call, as well as in-person customer service representatives. Complaints & Suggestion boxes are insufficient as illiterate clients cannot write suggestions/complaints, making a complaint in writing presents the added burden of travel to the branch, confidentiality is often limited, and these boxes were often only checked on a monthly basis. Providers should also offer other channels such as a complaints hotline, and make regular visits to client centers or businesses, or call some clients to inquire about any problems they may be experiencing. The channels must be convenient, accessible for illiterate clients, and allow the providers to respond in a timely way.

Scoring guidance

Score ‘yes’, if the provider (1) offers at least two different channels by which clients can submit complaints (2) which are for the clients free-of-cost and easy to use and (3), if applicable, at least one of those channels needs to be accessible to illiterate clients.
Score ‘partially’, if the three requirements are not met For instance, only few clients use these channels or one of two channels is challenging to use (e.g. poor internet access).
Score ‘no’, if one and/or both of the first two requirements are not met. For instance, clients have just one channel and/or no two channels are free-of-costs for clients.

Sources of information

Complaints reports.
Interviews with the head of complaints.
Interviews with customer service representatives/manager.
Complaints handling policy or matrix.
Interview with clients.

Evidence to provide

Description of all the active complaints channels that clients access and any costs associated with any of those channels.

4.E.1.3 The provider informs clients how to submit a complaint.

4.E.1.3.1 The provider displays information on how to submit a complaint in branch offices, at agent locations, in product documentation, and in all digital channels it uses to provide services to clients.

4.E.1.3.2 At the time when clients are applying to use a product, the provider informs clients on how to submit a complaint both to itself and to any third party partner.

The Complaint Handling Mechanism is only efficient, if clients know about it and are encouraged to use it. The details of this indicator explain the basics of how to inform clients about their right to file complaints, and how to do so. Providers can provide this information in a variety of ways that include in writing through loan contracts, a Key Facts Document, a brochure, via TVs and posters at the branches, social media, posters at agents’ locations, the website, digital channels such as the provider’s App, and orally during the product application and client orientation processes.

This includes how clients submit a complaint not only to their provider, but, if available, also to a self-regulatory organization or public sector ombudsman. Provider must inform clients about how to submit a complaint against third parties as well. This process should include at least 2-3 moments in the customer journey when the client receives this information so that they can internalize it. One of those moments must be the product application process.

If providers have branch offices, agent locations and/or digital channels, then they must include information on how to submit complaints at each of these locations.

Scoring guidance

Detail 4.E.1.3.1

Score ‘yes’, if the provider has a systematic process and visible means in place to (1) share information with all clients at all locations for transactions (each branch office, agent location, and digital channel) about their right to complain and how to submit a complaint differentiated by channel and (2) monitor regularly the effectiveness of this process.
Score ‘partially’, if the two requirements are not met fully. For instance, visible means are not available in all locations or not all clients have access to the visible means (e.g. group borrowers missing their initial group meeting) or explanations on how to submit a complaint do not exist for all channels.
Score ‘no’, if the first requirement is not met. For instance, there are no or some visible means at a few branch offices and not at agent locations and/or there are no or not comprehensible explanations on how to submit a complaint.

Detail 4.E.1.3.2

Score ’yes’, if the provider has a systematic process in place to (1) inform all clients on how to submit a complaint about their provider or its third-party (differentiated by channel) at the time when clients are applying for a product and (2) monitor regularly the effectiveness of this process.
Score ‘partially’, if the two requirements are not met fully. For instance, not all clients are sufficiently informed on how to submit a complaint or clients receive explanations on how to submit a complaint for some channels only thereby reducing their choice among channels.
Score ‘no’, if the first requirement is not met. For instance, most clients are not systematically informed on how to submit a complaint when applying for a product.

Sources of information

Any documentation given to clients that contains the customer complaints channels.
Interviews with clients to verify that they know how to make a complaint.
Interview with field staff to talk about the channels, when clients receive information about how to make complaints, and to understand the perspective from the field on the most used channels and most frequent complaints.
Observation in the branches to see how the complaints mechanism(s) is displayed to clients.

Evidence to provide

Description of the written and oral communication channels used to share this information.
Transparency checklist, any checklist that field staff use to ensure they fully inform clients.
Description of how the provider educates the clients about complaints submission, including title and page number of a policy or documented process if applicable.
Checklist of information to be communicated to the client, including informing the clients about complaints mechanism(s).

4.E.1.4 If the complaint mechanism initially handles complaints through automated means, the provider makes a channel with live, human interaction available to clients.

Human interaction is critical for many reasons:

Many clients do not trust the effectiveness of automated systems yet and prefer to communicate directly with an employee.
Some clients feel more confident that their complaints will be taken seriously if they are expressed to a human being.
The opportunity to listen to clients and understand the details of the situation can help the provider understand its clients' needs and challenges.
Clients may not be aware of how to use automated systems.
In case clients do not choose the right options, the provider needs to interact directly with the clients to ensure they can submit their complaint properly.

Scoring guidance

Score ‘N/A’, if complaints are not handled through automated means.
Score ‘yes’, if the provider offers a complaints channel with live, human interaction apart from its (initially) automated channel which is easily accessible and free-of-charge for clients.
Score ‘partially’, if the requirement is not met fully. For instance, few clients use the live channel as it is inconvenient and costly for them.
Score ‘no’, if the provider does not offer a complaints channel with live, human interaction.

Sources of information

Complaints handling policy and mechanisms.
Review and testing of how the automated complaints channel works.
Interviews with customer service and complaints handling staff.
Interviews with clients.

Evidence to provide

Description of the Complaints Handling Mechanism(s) and channels and confirmation that human interaction is possible.
Results from interviews.

4.E.2 The provider resolves complaints efficiently.

While complaints often focus on dissatisfaction—about not being approved for a loan, for example—the Complaints Handling Mechanism(s) may uncover more serious issues like employee fraud, mistreatment of clients, or other unethical behavior. It is critical that providers are able to correct mistakes, rectify omissions, and address activities that may be harmful to clients. In addition to responding to individual client issues, providers should be able to aggregate, analyze, and report on client complaints information. The designated complaints personnel should evaluate overall trends to identify any systemic problems that go beyond individual grievances. Chronic or repeating issues may call for changes to operations, products, and/or training in order to provide better service and rectify those areas that are frequent subjects of complaint. For example, recurring complaints about long lines in the branch may highlight the need to change the branch layout, open a new teller window, or provide digital channels. Regular complaints about being denied a loan in a particular branch may indicate the need to review how the field staff in that branch are conducting loan analysis or client targeting.

Management should review complaints data on a regular basis. Complaints reports should describe the number of client complaints received in a time period and over time, the mechanisms used to receive complaints (e.g., 60 percent of complaints received through hotline and 40 percent in the branch), and the issues raised by clients (e.g., interest rate complaints, confusion on savings product terms). Look for potential operational and product-related issues that are systemic and/or consistent over time, and discuss possible improvements to operations and products that would resolve those issues and reduce the number of similar complaints in the future.

Complaints data is a valuable form of market research. Providers should certainly employ other methods of market research to inform product design and delivery, as questions/complaints are biased toward clients with grievances against their provider. However, frequent client questions can reveal operational issues such as gaps in field staff knowledge, and complaints can spur product design ideas such as a grace period for loyal clients or a new home improvement loan. Such information, when analyzed and discussed by management, can also help providers narrow the focus of additional market research.

Finally, verify the effectiveness of the Complaints Handling Mechanism(s) on an ongoing basis. Internal Audit or some other controls team should conduct periodic checks to assess how many complaints are being registered—in order to test whether clients are using the system actively—and what actions were taken to resolve complaints. It is helpful to investigate a sample of complaints, which would include follow-up with clients, to monitor not only whether the issue was resolved, and how quickly, but also whether the client was informed of the outcome and satisfied with the result.

4.E.2.1 The provider's complaints policy identifies levels of severity and requires that severe complaints are escalated immediately to senior management.

It is critical to effective and strategic complaints handling to have types of complaints categorized by levels of severity, so that anyone who may receive a complaint directly from a client can escalate certain urgent topics directly to senior management or the Ethics Committee. For example, any instances of data breach, fraud, abuse etc. need to be taken very seriously and acted on rapidly.

Scoring guidance

Score “yes”, if the provider has a formal document or a policy for the management of client complaints that includes (1) an escalation policy ranking the types of complaints by severity and defining the person responsible to handle that complaint and (2) a process for escalating urgent/severe complaints to senior management, Internal Audit and/or an Ethics Committee who can resolve these more sensitive cases. (3) The provider monitors regularly the effectiveness of both the escalation policy and its process.
Score ‘partially’, if the three requirements are not met fully. For instance, the ranking of complaints is incomplete or the escalation process is not clearly defined.
Score ‘no’, if the client complaints are not ranked by severity and/or no process is in place to escalate urgent/severe complaints to senior management.

Sources of information

The complaints handling policy, with an escalation matrix.
Escalation policy, matrix (list of categories and responsible person).
Interviews with Complaints Handling Manager and field staff.

Evidence to provide

The title and page number of the complaints handling policy that describes how complaints are (1) categorized by severity and (2) escalated as needed, and summary/examples on how it is applied in the field.

4.E.2.2 The provider's complaints mechanism ensures that all formal complaints are registered in a secure system that reaches the complaints handling staff and/or management.

It is critical for providers to have a complaints mechanism that captures each and every incoming feedback from clients, and ensures no complaint can be hidden or buried. Without such a system it is extremely difficult, if not impossible, to ensure that all complaints are collected, tracked to completion, and analyzed for trends and action items that emerge from the data. It will also allow to consolidate and analyze the complaints they receive from all different channels. This applies only when clients use one of the existing formal channels, rather than when they use informal channels.

Scoring guidance

Score ‘yes’, if the provider (1) has a systematic process in place to enter client feedback from all channels into a database for registry and tracking, (2) a complaints handling staff reviews these complaints daily and provides solutions or escalates the case as appropriate, and (3) the effective functioning of this complaints database and handling process is monitored regularly.
Score ‘partially’, if the three requirements are not met fully. For instance, client feedback is registered and tracked just from the hot line and web-based channels, but not from the branch level or the complaints handling process is sometimes interrupted due to staff non availability.
Score ‘no’, if a central database to register and track all complaints does not exist and/or a complaints handling process is not in place.

Sources of information

Interviews with staff and managers responsible for complaints handling, data entry, data analysis, etc.
Branch observations.

Evidence to provide

Description of the process and system/software that the provider uses to collect and document its complaints, summary of observations, examples of the flow of information on complaints.

4.E.2.3 The provider resolves client complaints quickly.

4.E.2.3.1 The provider sends to clients a confirmation of receipt of their complaints and a notification when the complaint has been resolved.

4.E.2.3.2 If a provider receives complaints via call centers or chat, it monitors the average wait time.

4.E.2.3.3 The provider resolves at least 90% of complaints within one month. If the resolution takes longer than one month, the provider notifies the client of the reason for the delay.

The one-month delay is the high ceiling and takes into account complaints that can potentially require in-depth investigations. In the digital age it is important for providers to resolve their clients’ complaints quickly – usually within 24-48 hours to demonstrate that the provider is modern and responsive to its clients’ needs.

Scoring guidance

Detail 4.E.2.3.1

Score ‘yes’, if the provider has a systematic process in place of sending all clients (1) a confirmation receipt whenever they submit a complaint and (2) a notification when their complaint has been resolved. (3) The provider monitors regularly the effectiveness of its clients’ notification system.
Score ‘partially’, if the three requirements are not met fully. For instance, not all clients receive complaint receipts and/or resolution notifications or frequent technical problems with the automated client communication system(s).
Score ‘no’, if the provider has no system in place of sending complaint receipts and resolution notifications to clients.

Detail 4.E.2.3.2

Score ‘N/A’, if the provider has neither a call center nor a chat room for client complaints.
Score ‘yes’, if the provider (1) has a systematic process in place of monitoring the average wait time before clients’ calls or chats are answered and (2) monitors regularly the average wait time.
Score ‘partially’, if the two requirements are not met fully. For instance, frequent technical problems with the automated wait time measurement.
Score ‘no’, if the provider does not monitor the average wait time before clients’ calls or chats are answered.

Detail 4.E.2.3.3

Score ‘yes’, if the provider (1) has a systematic process in place of tracking the time used to resolve complaints, (2) resolves at least 90% of complaints within one month, (3) notifies clients of the reason for delay, if the complaint resolution takes longer than one month, and (4) monitors regularly the average complaints resolution time.
Score ‘partially’, if the second or third requirement is not met. For instance, non-achievement of the target to resolve at least 90% of complaints within one month or not all clients are notified when the resolution of their complaints takes longer.
Score ‘no’, if the provider has no process in place of tracking the time used to resolve complaints.

Sources of information

Complaints handling reports that specify the average length of time for complaints to be resolved, number of complaints that take longer than a month to resolve, average wait times for customers etc.
Complaints handling policy or documented process that outlines when customer’s receive notification from the provider during the handling of their complaint.
Reports on data and trends related to complaints handling and resolution.

Evidence to provide

List when the client received notification from the provider during the complaints handling process.
Note the average wait times for clients to receive attention in person and online.
Note the average time to resolve a complaint and how many/what percentages are classified as complicated, as well as the average time needed to resolve the complicated cases.

4.E.2.4 Complaints handling staff have access to relevant client data, including transaction details and notes from previous complaint conversations.

In order for complaints handling staff to be effective and efficient in their jobs, they need to have access to the relevant information about the clients who are calling to complain and their history of interactions with the provider. This is most easily done by providing access to the client management system, that allows the staff to view the clients’ information and the notes that other staff may have made in regard to the clients’ behavior or case details.

This indicator is especially relevant when complaints management is outsourced.

Scoring guidance

Score ‘yes’, if the complaints handling staff can access client data, including (1) transaction details and 2) any notes from previous calls with the provider.
Score ‘partially’, if the complaints handling staff has access only to the transaction details or notes from previous calls.
Score ‘no’, if the complaints handling staff has neither access to the transaction details nor to notes from previous calls and/or the provider has no complaints handling staff.

Sources of information

Review the screens that customer service representatives see when they are talking to a client, or entering a complaint.
Interviews with the complaints handling staff and manager.
Review the complaints handling policy or processes to see if it describes these things.

Evidence to provide

Describe the types of data that the staff has access to when they are handling a complaint from a client.

4.E.3 The provider uses information from complaints to manage operations and improve product and service quality.

Excellence in customer complaints handling requires a three step process that involves 1) collecting customer complaints from a variety of channels that are accessible and affordable for clients, 2) resolving these complaints in a timely fashion and in accordance with their severity and 3) aggregating and analyzing the customer complaints data on a regular basis to use this information to inform strategic and operational decisions that improve the customer experience and reduce the frequency of customer complaints about those topics in the future. Analyzing customer complaints data converts client’s questions and problems into business intelligence for the provider and allows it to improve client satisfaction and retention while improving customer service and product offerings.

4.E.3.1 The complaints system creates a report for management and customer care staff. Minimum frequency: monthly

In order to aggregate and analyze the complaints data, the provider should have a database that generates reports on summarizing complaints data collected by category, severity, time period, branch, etc.

Scoring guidance

Score ‘yes’, the provider has a systematic process in place (1) that generates at least monthly reports on the break-down of complaints data (by category, severity, time period, branch, etc.) and (2) to be analyzed by the complaints handling manager for attention to senior management.
Score ‘partially’, if the two requirements are not fully met. For instance, the reports produce a limited break-down of complaints categories or the complaints handling manager analyses the reports quarterly only.
Score ‘no’, if one or both of the two requirements are not met. For instance, no reports on complaints data are generated and/or no analysis of complaints data takes place.

Sources of information

Complaints reports and interviews with the complaints handling manager.

Evidence to provide

Summarize the type of information included in those reports and the frequency with which reports are generate, with whom those reports are shared and if management reviews them.

4.E.3.2 Management reviews complaints reports and key performance indicators (e.g., average time to resolve, percent resolved) and takes corrective action to resolve systematic problems leading to complaints. Minimum frequency: annually

Management must review the aggregated and analyzed clients’ complaints data and discuss at senior management level what organizational changes need to be taken to reduce customer complaints, improve their satisfaction, and respond to their requests. This may include improving client wait times, resolving the sources of client complaints, creating new products based on client feedback, or reinforcing staff training on a topic that generated numerous client questions etc.

For more reference, check out 2.B.2 Management makes strategic and operational decisions based on social and financial data.

Scoring guidance

Score ‘yes’, if (1) senior management team reviews the complaints reports at least annually and (2) has taken corresponding action in the last 12 months to improve operations.
Score ‘partially’, if senior management has last reviewed the complaints reports or has taken any corresponding action during the past 12 to 24 months.
Score ‘no’, if senior management has not reviewed the complaints reports and/or not taken any corresponding action within the past 24 months.

Sources of information

The two last aggregate and analyzed complaints reports that show trends in complaints over time.
Interview with complaints handling manager.
Interviews with senior management reviewing the complaint reports.

Evidence to provide

Describe the type of complaints reports reviewed and the frequency with which management reviews these reports.
List the KPIs that are included in the complaints reports.
Describe any actions that senior management has authorized and/or taken in the past two years that were taken in response to the data in the complaints reports.

4.E.3.3 If the provider partners with third parties, the provider helps its clients to resolve complaints they have with those third parties.

Any bad experiences clients have with third-party providers chosen by the provider reflect poorly on the provider. Therefore, the provider must ensure that its clients receive the same quality of care and respect from its third-party providers (e.g. agents) as it is offering to its clients. This requires that any client complaints about third-party providers reach the provider so that corrective action can be taken. Clients should be trained either to (1) report complaints about third-party providers directly to the provider or (2) understand how to use their complaints handling channels. In this latter scenario, the provider should request its third-party providers to share a summary of the complaints submitted by its clients on a regular basis.

Scoring guidance

Score ‘N/A’, if the provider does not use any third-party providers.
Score ‘yes’, if the provider has a systematic process in place to (1) inform its clients on how to submit complaints about their experience with the third–party providers and (2) assist them to resolve any complaints against third-party providers. (3) The provider monitors regularly the effectiveness of this process.
Score ‘partially’, if the three requirements are not met fully. For instance, not all clients are informed or the provider fails to resolve some complaints.
Score ‘no’, if the provider does not inform most clients on how to submit complaints against third–party providers and/or fails in most cases to resolve their complaints.

Sources of information

Complaints handling policy.
Interviews with complaints handling staff and manager.
Interviews with the staff who is the relationship manager for third-party providers.
Interview with the third-party provider’s agents, if applicable.

Evidence to provide

Title and page number of the part of the complaints handling policy that describes how clients should submit complaints about the third-party providers.
Summary of the interviews.