Introduction
In the common narrative of the international development sector today, financial inclusion has become synonymous with digital financial services (DFS). But at least 1.9 billion people in the world do not have bank accounts—a useful proxy for measuring formal financial inclusion. To close this gap in formal financial inclusion, private sector actors, development and aid organizations, and governments have turned to technology to accelerate access to financial services.
However, digitally delivered financial services are only a tool, and financial inclusion is a goal that extends beyond providing access to formal financial services. Regardless of this difference, digitally onboarding the greatest number of people to the dynamic and (usually) frigid world of financial services has become a holy grail for which the benefits are either overstated or vaguely delineated.1 Research on the benefits of digitally mediated financial inclusion abound. But there is a rather debonair dismissal in the prevailing discourse of the associated, nontrivial risks of rapidly scaling financial services.
In pursuing digital financial inclusion, accelerating access to DFS has taken precedence over equally important features like providing adequate protections for those who use digital platforms to make financial transactions. As such, the populations being targeted for financial inclusion have been negatively impacted, and public trust in formal financial services or products has taken a hit. Despite growing cyber crime risks, DFS providers often do not give adequate and/or consistent attention to risk mitigation in the design of such services.2 This is a well-discussed problem in private conversations and the odd media report after a major security incident, but it still remains inadequately addressed by businesses and governments.3 Poorly designed and implemented digital financial inclusion (DFI) policies at scale cause both specific and nonobvious harms to the target populations. Attempts to rapidly scale financial inclusion through digital tools are often the culprit.
It is worthy to point out that concern over digital fraud is cited as one of the reasons behind government efforts to implement robust digital ID schemes that use biometric information to authenticate individuals—such as India’s Aadhaar number, which effectively functions as a foundational ID (also known as a civil register) and in some cases as a functional ID that is used for specific purposes such as voting during elections, registering drivers’ licenses, or obtaining welfare benefits.
In proposing these digital ID programs, the argument is often made that in addition to functioning as part of a modern civil record revamp, they help to support effective know-your-customer (KYC) procedures. Indeed, legal personal identification is a sustainable development goal. But many of the proposed digital ID schemes naturally and needlessly extend governments’ surveillance capabilities on private citizens. GhanaCard, the national biometric ID scheme of Ghana, is an example of this mission creep. From being mandated for all financial transactions with all formal and regulated financial services providers, the current administration wishes to make only cardholders eligible voters.4 Besides enhancing digital authoritarianism, these quasi–mass surveillance programs built on the back of digital ID projects do not necessarily support financial inclusion, are unwieldy, and often mean redirecting state resources away from crucial social programs.
As these ID schemes are rolled out in countries with poor data protections, weak points may be exploited to steal personal identifiable information (PII) and used to perpetuate crime. For example, in 2021, the records of all 45 million people registered on Argentina’s national identity database, Renaper (Registro Nacional de las Personas), were hacked, and some data were put up for sale in hacker forums.5 Similarly, in April 2022, security researchers at Website Planet, an online resource center for digital professionals, discovered unsecured Amazon S3 data buckets belonging to a Nigerian government healthcare agency that contained thousands of applicants’ personal data.6 Despite being held up as a successful example of digital ID enabling financial inclusion, India’s Aadhaar system has suffered and continues to be impacted by data breaches.7 This complex mix—the inattention to cybersecurity risks and privacy intrusion when creating universal, digital IDs—is leading to a widening public trust deficit in digital finance products and in government identity initiatives.8
This paper presents three ideas that run counter to narratives around financial inclusion and public policy pronouncements that accompany DFI targets, focusing specifically on DFI programs in Africa. First, I argue that aiming for financial health would better serve the needs of consumers than aiming for financial inclusion alone. Centering financial health rather than inclusion is a mental first step toward designing products that deliver improvements for DFS users. Similarly, financial inclusion need not be synonymous with DFI since exclusion is composed of social, economic, and structural problems that more technology simply cannot resolve.
Second, I argue that the current reluctance to understand, much less mitigate, the negative impacts of digitalizing financial inclusion undermines public trust and allows for exploitation by those seeking power. Exaggerations of success and rushed scaling of digitization programs create opportunities for corporations to exploit the cover of financial inclusion for profiteering. The double-edged pursuit of benefit through digitalization can also enable politicians to consolidate power using mass and mobile surveillance to strengthen digital authoritarianism. This is because DFI policymakers and practitioners fail to put the multifaceted aspects and drivers of financial exclusion front and center.
Finally, I argue that the lack of centralized, universal, and biometric digital IDs in emerging economies is not a significant barrier to inclusion and should not be linked to inclusion efforts overall if policymakers are serious about delivering financial inclusion to the most excluded in societies. While I concede that cybersecurity is important and is itself what leads to biometric ID proposals, it is likely that tying financial inclusion to universal biometric IDs may have the opposite effect to inclusion. Creating universal digital IDs that combine foundational ID systems with functional IDs fosters a sense of apprehension among residents who have to deal with the fallout of having to share inadequately protected personal data.
In theory, digital ID programs should help inhibit fraudulent activity. The reality is different in countries like Nigeria, for example. The result is that residents are compelled to register and, in some cases, reregister under digital ID programs (under threat of losing access to services that many have long adopted and come to depend on). Yet these ID programs are seen to fail repeatedly, even as cybersecurity risks proliferate.
To advance financial inclusion, DFS policymakers and practitioners need to understand the situations where biometric IDs hinder inclusion while providing only marginal fraud prevention benefits. In highly informal social spaces, policymakers and advocates of biometrics for combating fraud also have to face the stubborn fact that current digital ID programs in Africa are not designed for highly informal economies. Recall that unlike account data, biometric data is irreplaceable, and data protection practices (not policy) in Africa are often woefully inadequate. This leaves residents—who typically have little to no control over how their PIIs are accessed, stored, or used—vulnerable to risk baggage of biometric data breaches. My argument is for policymaking to recognize these challenges and set out to resolve them, with the support in the form of funding from global development partners, instead of plowing full steam ahead with a broken process.
For example, the response from Nigerian DFS providers interviewed by this author is that the lack of legal consequences for cyber criminals defeats the larger purpose of having digital biometric IDs like Nigeria’s BVN.9 That is to say, the failure of law enforcement to adequately respond to cyber crime and a lack of industry collaboration on fraud prevention and incident reporting both play a large role in the rise in cyber fraud regardless of KYC or digital ID programs.
On the other hand, direct biometric authentication (fingerprints and facial scans) for payments have to contend with failure rates that ruin customer experience.10 Thus the high costs of deploying quality biometric systems leads financial institutions to rely on biometric ID numbers or cards, which are easily compromised.11
All three arguments are linked in the prevailing discourse and treatment of financial inclusion as an access problem, a technology problem, and a problem to be solved by enforcing universal biometric IDs (or surveillance) programs. This results in unintentionally playing down the systemic cyber risk of accelerating DFI, ignores the social risks created by Africa’s budding mobile surveillance society, and ignores the gaping lack of significantly positive outcomes from years of access-focused financial inclusion programs. In summary, I am arguing that rather than simply focusing on rapidly scaling access, it would be better to design inclusion programs that prioritize meeting the needs of excluded populations.
The question at the heart of this paper is whether it is sufficiently demonstrable that rapidly scaling access leads to or has led to healthy financial outcomes and empowered especially underserved communities.
By focusing on a digital vision for inclusion at any cost, the potential for misuse by private individuals, corporate bodies, and public institutions is being ignored in favor of reaching bogus milestones, enhancing state power, and—for private corporations—generating and sometimes monopolizing profit margins. These priorities are counterintuitive to the lofty visions of financial inclusion to empower users through affordable, responsible, and needs-based financial services.12
The extent to which DFI is useful is limited by a hard ceiling imposed by factors such as cyber crime and the lack of effective implementation of data protection rules. This failure to adequately protect data is illustrated by Nigeria’s universal and biometric digital ID program, which only tokenized PII eight years after commencing the biometric ID program and coercing mobile voice users to share the untokenized ID numbers with telecom providers (see box 1).13 The lack of protective features for PII in the design and rollout process of Nigeria’s biometric ID program may be directly responsible for the significant rise in fraud that Nigerian DFS users have had to contend with in recent years. Social media users and news media organizations regularly cover cyber fraud that financial institutions have failed to arrest, and leading fintechs (including the mobile money service operated by MTN Nigeria, Nigeria’s largest telco) have been impacted by financial cyber crimes. Additionally, one of the key factors that contributed to the Kenyan High Court’s decision to strike down the use of the country’s Huduma Namba ID scheme was the failure of the government to conduct a data protection impact assessment prior to implementing the ID program (which at the time, proposed to collect GPS coordinates and user DNA). Such is how basic data protection is often only an afterthought for government institutions in Africa.
Box 1: Explaining Tokenization
Tokenization technology is an additional layer of security that converts personally identifiable information or other sensitive information into a surrogate string of characters that do not have any intrinsic value or meaning. Because tokens allow sensitive data to be virtualized and unique, they significantly reduce the risk of fraudulent transactions or identity theft.
Untokenized or improperly tokenized data, on the other hand, present a more permeable surface area for cyber attacks. Untokenized data can be exploited to steal users’ identities or perform fraudulent transactions. And they allow unchecked linkability, exposing users to corporatized and/or governmental surveillance.
Tokens are not fail-safe if bad actors can gain access to the back-end databases storing sensitive data. To mitigate this, the Unique Identification Authority of India, which is responsible for the country’s Aadhaar scheme, tokenized both the front-end universal identity numbers that are shared with service providers for KYC and the back-end where Aadhaar data is stored in service provider databases.14
Austria, Estonia, and Nigeria also use tokenized digital IDs. Nigeria, though, has only implemented front-end tokenization.
What Matters the Most?
The usual definition of “financial inclusion” by the World Bank Group, development organizations, think tanks, and governments emphasizes “access to useful and affordable financial products and services.”15 Researchers assert, however, that financial inclusion is the result of a strategic mission shift whereby the strategy through which poverty alleviation is supposed to take place has fundamentally shifted, from microenterprise credit to financial inclusion.16 Development institutions, donors, and national donees have slowly pivoted away from seeking to “empower” microenterprises in the poor reaches of the world under the first wave of impact investing to focusing on financial inclusion.17
At one extreme end, financial inclusion proponents appear to declare that mere participation in the financial sector is expected to alleviate poverty.18 DFS, they argue, accelerate this. Under this line of thinking, Kenya’s M-PESA mobile transaction system has been globally celebrated for lifting people out of poverty through the mere ease of sending and receiving money, even before it offered supposedly higher-level financial products such as loans (see figure 1).19
The World Bank’s definition of financial inclusion includes a caveat noting that access—defined by the number of people with transaction accounts—is only a first step. However, getting the most people to create transaction accounts has become the pillar (in practice) upon which financial inclusion initiatives are built and measured. It is, after all, the low-hanging fruit.
The digital divide, a term coined by Lloyd Morrisett to mean “a discrepancy in access to technology resources between socioeconomic groups,” transcends simply getting the technology have-nots to catch up with the haves. In fact, closing the divide of Morrisett’s definition implies more than simply supplying transaction accounts. As Russell Southwood notes, “There is a considerable amount of unfinished business, including a growing lack of competition between mobile operators, commercial model challenges created by online and social media and the continuing digital divides in poorer peri-urban and rural areas. Successful mobile money services are de facto monopolies that are storing up challenges for the future.”20
As Southwood outlines, growing monopolies may eventually wield the power to set prices, which could have the effect of filtering out low-income earners. This type of market failure does the opposite of inclusion as it does not maximize the welfare of consumers.21
Designing for transformation, not just access, will bring new life to programs aimed at addressing the gap in how people use and are positively impacted by digital services. For example, mobile phone–powered remittances are an effective way to modernize traditional money transfer methods, as evidenced by the success of M-PESA in Kenya. But judging the impact is often one-sided. Researchers in Bangladesh designed and implemented a mobile phone–based money transfer intervention that measured the impact of using the service on both sides (sender and receiver).
On the receiving side of this study (rural residents), “daily per capita consumption among active users increased by 7.5 percent and extreme poverty fell, although overall rural poverty rates were unchanged. Rural households borrowed less, were more likely to save, and fared better in the lean season. Investment increased, as seen in a rising rate of self-employment and increased out-migration for work. The rate of child labor fell relative to the trend in the control group, and we find evidence that hours of study improved.”22
While the study showed that mobile technology was an effective tool for income redistribution, it illustrated the costs that using digital money transfer tools impose on the remittance sender. The migrants who sent money home “reported declines in physical and emotional health, consistent with pressures to work longer hours and increase remittances enabled by the new technology.”23 Unlike this study, which examined impact broadly, studies about the causal links between access to and use of DFS and improved livelihoods test for specific improvements. However, the studies do not always take into account the other unknowns that may have played more prominent roles in creating the positive change or transformation.
Transformation in this sense refers to the degree to which participation in the financial system generates positive economic benefits for formerly excluded populations. One example of an inclusion program that was designed for and is delivering financial transformation is Avanti Finance, a digital lending platform for assessing, delivering, and monitoring small business loans. The company offers loan products based on the specific needs of the end consumer. Its modular platform allows it to both lend and help its partners, including NGOs, deliver targeted digital credit.
Modular and responsive DFS design in the mold of Avanti (but not necessarily in digital credit) should be the goal for creating transformative financial inclusion programs. Crucially, for policy initiatives in Africa, this goal necessitates going beyond simply adopting turnkey digital or policy magic wands that are content with only increasing access to formal financial services. Initiatives that go further can have more conversation and thinking about how to design and redesign inclusion programs and products that truly meet the financial needs of people, especially those underserved and marginalized. For example, programs such as Mastercard Foundation’s Expanding Access to Financial Services initiative—which currently funds twelve access-type programs—could become more sustainable if it asked, “How can we design DFI program X so that it moves user A from dealing with an identified problem category to having that need met or enabling that need to be met?” This is what designing for transformation will mean in practice. Of course, proper follow-ups, monitoring, and evaluation are also important components of this design.
An Access Problem?
Across Africa, over half (approximately 52 percent) of the population is predominantly rural.24 For prosperous, upwardly mobile, and urban populations, access to DFS has enhanced already existing options and significantly improved the financial experience. But for rural dwellers and the urban poor who have fewer options, access to DFS, while welcome, has not significantly improved financial well-being (see figure 2).25
In Nigeria, the percentage of adults who are included in formal financial institutions increased from 36.3 percent in 2010 to 50.5 percent in 2020, an average of 7.9 percent per year, shown by data from Enhancing Financial Innovation and Access (EFInA), an entity that serves as a technical adviser for Nigeria’s financial inclusion strategy. According to EFInA, formally included individuals are the adult population who have or use formal financial products and/or services provided by a regulated bank or nonbank financial institutions. In total, in 2020, 64 percent of Nigerians were considered financially included by this definition. But beyond this access-oriented approach to financial inclusion, only 27 percent of Nigeria’s adult population was considered financially healthy in 2020 (see table 1).
This paper uses terms like “access-type” and “access-oriented” inclusion to refer to the limited measure of financial inclusion that examines how many people have and use formal financial services. While it is important to measure the usage or adoption of financial services in order to gauge receptivity by the public, merely using a mobile wallet or digital bank account is insufficient for determining if progress is being made from a financial well-being perspective. The point is that inclusion can only be fully defined vis-à-vis a positive transformation for users in the form of resilience to financial shocks and the ability to meet their needs.
Financial Inclusion or Financial Health?
The emerging field of financial health—defined as the state when one’s daily financial systems allow them to be resilient and pursue opportunities over time26 or as “the extent to which a person or family can smoothly manage their current financial obligations and have confidence in their financial future”27—is slowly gaining currency in conversations about measuring inclusion. For example, as Elisabeth Rhyne points out,
The data on whether financial inclusion leads to greater financial health remains inconclusive and, in some cases, counterintuitive. In the Findex studies from 2014 to 2017, although financial inclusion (account ownership) rose across the world, resilience decreased slightly in all regions, excluding high-income countries. In Kenya’s FinAccess surveys, the number of financially healthy adults dropped between 2016 and 2019, even as access and usage of financial services increased.
The financial inclusion sector has been bedeviled for years in attempts to demonstrate a direct impact path from financial services to ultimate outcomes. With so many intervening factors, and with financial services playing only a facilitating role, that path has never been clear.”28
The lack of direct causal relationships between the use of digital finance and financial health should at least direct researchers to study other variables—and even question the assumption that material improvements to financial well-being will come from the provision of financial services.
Contrast the Nigerian situation with that of Kenya. In 2009, only four in ten Kenyans had a formal financial account (still a 65 percent jump from three years prior). Between 2009 and 2021, the percentage of Kenyans who were formally included increased from 41 percent to 83.7 percent, or about 22.2 percent per annum on average.29 Yet, only a fifth of the Kenyan adult population is considered financially healthy (see figure 3).30 Similarly, a little more than a quarter (27 percent) of Nigeria’s adult population is considered financially healthy, slightly outperforming Kenya.31 Both countries have identical per-capita GDPs of slightly over $2,000.
Needs Over Numbers
Interestingly, data from Financial Sector Deepening Kenya (FSD Kenya) show that informal financial channels are the second-most-important way for low-income Kenyans to dampen the impact of shocks, meet daily needs, and plan for the future (behind only nonfinancial approaches such as cutting down on expenses or taking on more work). FSD Kenya’s needs-based framework for assessing financial inclusion showed that the use of formal solutions to meet financial needs had declined by half in 2021 from their 2019 levels,32 regardless of whether survey respondents met the definition of being formally included or not. Indeed, more people (35 percent) used informal finance to mitigate the impact of financial shocks compared to the number for whom formal financial products were a solution (6.8 percent).33 Formal financial services, meanwhile, were the favored route for investing to reach a goal such as higher education.
Adopting a needs-focused approach to “inclusion”—especially for the financially vulnerable—as opposed to passively reaching for access goals will force policymakers and entrepreneurs to test the theory of access upon which current financial inclusion programs are built. In Nigeria, for example, where an access-type National Financial Inclusion Strategy has floundered since it was first created in 2012, a needs-focused approach would help the government identify and prioritize inclusion programs that cater to the pressing problems that excluded Nigerians face. Of the 72 percent of Nigerians who are financially unhealthy (see figure 3), 44 percent report that they have trouble managing risks emerging from financial shocks and emergencies. Nigeria has one of the worst insurance penetration rates in Africa at 0.5 percent.34 Health insurance in particular is not widely available, with out-of-pocket spending on health-related issues and emergencies standing at over 70 percent of current health expenditure.35 For informal and low-income earners who typically work outside of formal establishments that may offer health insurance plans, the figure is undoubtedly higher. A 2010 study found that out-of-pocket health expenditure accounted for a 0.8 percent increase in poverty headcount (that is, it pushed 1.3 million Nigerians below $1.25 per day). The study concluded that policymakers needed to “provide social health protection plan against informal Out of Pocket ‘OOP’ health payments in order to provide financial risk protection” for Nigerian households.36 This is clearly an area that financial inclusion can be designed to address.
Putting needs at the center of DFI policymaking means that policymakers, DFI practitioners, and DFS platforms need to:
- identify whose needs are not addressed by simply being able to make and receive payments;
- identify and seek to understand the patterns, where possible, of financial shocks that disproportionately affect lower-income populations (for example, when children were withdrawn from school due to the financial impact of the coronavirus pandemic on their households, access to multiple digital payment options was useless as parents simply did not have the money);
- invest in research to understand how to create differentiated credit products that are designed to meet categories of needs and customer profiles (such as avoiding the counterproductive, high-interest undifferentiated digital loans to families suffering financially from emergency health measures); and
- design specialized financial products and systems that at the very least can sustainably mitigate the impact of financial shocks.
People in both Kenya and Nigeria are still grossly underserved, despite the countries being important fintech markets where significant experiments with DFI are prevalent. Designing for needs does not always seem to inform the prevailing approach to financial inclusion. It is a running joke in DFS provider networks that the true number of people able to pay for most of the financial products currently offered is often smaller than advertised, suggesting perhaps that inclusion goals do not necessarily align with commercial objectives. So DFS providers default to the opportunity to profit from serving the typically smaller, more-well-off market. It also suggests that high levels of access-oriented financial inclusion have a limited impact on general financial health and meaningful economic inclusion. So while residents in wealthy urban areas like Nairobi tend to have better financial health, it is possible that this well-being is not directly attributed to access to financial services, since (especially in Kenya) access, generally speaking, is relatively high. For example, researchers have found that financial health in rural Kenya is positively influenced by education level, wealth, joint financial decisionmaking in a household, income, and pension and national health insurance fund uptake.37
The question begs, “Are people better off because they use DFS or do they use DFS because they are better off?” Other research suggests that while a definitive answer to this has not been offered, the effectiveness of using digital finance to improve people’s welfare depends to a large extent on the socioeconomic status of the beneficiaries. That is, rich (and possibly already financially included) people tend to use more of and benefit more from DFS.38
Claims that link DFS use to almost immediate improvements in socioeconomic status or overall access to education, health, and energy access are aplenty. But some—like the assertion that pay-as-you-go solar energy companies have used digital finance to provide 10 million people with affordable, modern energy—are disputable.39 Critics point to the debt burden the model has created for the vulnerable poor whose mobile phones are connected to these systems. In a private conversation with the author, the lead investor of a Nigerian clean energy investor confided that social hype and opaque reporting for pay-as-you-go solar systems allowed impact investment projects to frequently overstate benefits.40 Linking projects with inflated impact reporting to financial inclusion may make for compelling storytelling, but it does not do users any good. It is not proper to rely on grand statements like this to attempt to link DFS to social improvement.
What can be done better, however, is to first realize that there is no one-size-fits-all DFS solution for meeting needs as a financial inclusion goal. The needs and patterns of demand will need to be well understood. And targeted solutions that may not necessarily be digital will need to be deployed. Targeted solutions can be as simple as policy shifts or as complex as regulatory improvements and customer protection rules.
Centering Impact Over Digitally Mediated Access
Another facet of the access problem is how “formal access” has been co-opted as a funnel into cycles of microcredit for profit.41
Despite, or maybe because of, the abundance of mobile payment systems and digital loan products, Kenya’s negative reinforcing credit reference system has been aggressively used by digital lenders to blacklist and thus lock out small-scale traders from formal credit systems.42 This is because obscenely high interest rates—that average between 75–395 percent per year43— force many to default on their loan and interest payments. To continue accessing credit, individuals and small businesses are turning back to informal loan arrangements. In Kenya, for instance, so-called Maasai shylocks have stepped in to address this gap; they provide credit without collateral, strenuous paperwork, or a listing with the credit reference bureaus. Instead, they rely on social capital and trust (see box 2). Despite the risks and sometimes high daily interest charges, these arrangements are increasingly seen as more sensible, especially for low-income earners.
The formal financial system arguably provides a much more diversified portfolio of financial products, so why are Kenya’s street vendors turning to informal and offline mediators to meet financial needs?
Box 2: Digital Lenders Versus Maasai Shylocks in Kenya>
Two of the options available to Kenyan loan seekers are formal digital lenders and informal lenders, both of which offer extremely high interest rates but differ in the requirements for accessing credit and their method of collecting repayment. Although only twelve are fully licensed, at least 288 digital loan providers operate in Kenya.44 Two Kenyans describe below what led them to choose their lender.
A Kisumu county resident in Kenya was introduced to digital loan providers by his grandson when he was sick with malaria and could not afford hospital bills. He said, “I signed up for some Sh2,000 from one of the lenders. Little did I know what I had got into. First of all, I only received about Sh1,600 of the amount I had applied for because they had deducted a service charge of Sh400. The interest charge was also quite high at about 15 percent monthly, and they didn’t reveal that to me from the beginning.”45
A motorcycle-taxi (boda boda) driver said, “Dealing with the Maasai [shylocks] is the most sensible thing for many small traders right now. I use a rented boda boda. Every morning I take a Sh500 loan from them to buy fuel, which I use to ferry passengers and make deliveries around town. I then refund the amount with an interest of Sh75 at the close of business.”46
The answer perhaps lies in some of the extra baggage that comes along with digitally mediated access to the formal system and the fact that rapidly scaled DFS (in this case digital loans) are not designed to address the needs that drive the people cited in box 2 to seek informal finance.
Claims of the success of rapidly scaled DFS are often light on long-term evidence and regularly ignore factors that may swing the pendulum to the negative side. For example, one study found that “access to M-PESA has lifted 194,000 households (2% of Kenyan households) out of poverty” by enabling more petty trading.47 But other scholars point out that this overly rosy view ignores several key points, including the high failure rates of petty entrepreneurship, income displacement, the fallacy that supply creates its own demand, increased indebtedness, and the net negative effects of profit extraction by DFS providers in the form of fees charged on microtransactions.48
It is relatively easy to count how many people have signed up for DFS or been included; it is a much greater challenge to assess the costs and benefits they have experienced after doing so. Leading World Bank economists have pointed out that impact evaluations typically ignore these gaps.49 But this acknowledgment has not tempered the glowing reportage of DFS as a tool for driving microenterprise and financial inclusion.
In fact, while the impact of access to DFS on users’ financial well-being is unclear and understudied, the economic benefits that have accrued to service providers, especially near-monopoly players like Safaricom (which controls M-PESA), are indisputable. Safaricom, also Kenya’s largest publicly listed company that once accounted for more than 60 percent of the market capitalization on Nairobi’s stock exchange,50 generates large dividend payments and capital appreciation from its operations. In the telco’s 2021 business year, M-PESA accounted for 36 percent of the group’s revenue and 49 percent of its profit before tax.51 With 40 percent ownership by the UK’s Vodafone Group, 35 percent by the government of Kenya, and the remaining 25 percent owned by a mixture of both Kenyan and mainly foreign investors,52 the private economic incentive is clear. A similar result is seen in the private and development sectors, where start-ups and development finance funds may collaborate to deliver services like digital loans in ways that are often unsustainable—because of how cheaply the credit is provided—or even predatory.
Failing to focus on impact and instead concentrating on digitally mediated access can have far-reaching consequences. One clear example of how DFI can be captured by the private sector occurred in 2021 when the Association of Licensed Telecoms Operators of Nigeria (ALTON) threatened to disconnect banks from Unstructured Supplementary Service Data (USSD) services over an accumulated debt of 42 billion naira (about $92 million). At the time, telcos provided USSD services to financial institutions for free while the banks charged their customers 450,000 naira for every 20 seconds spent carrying out a USSD transaction. Debits were usually made monthly. Mobile carrier networks asked banks to stop the charges or allow them to take a cut of the fees. The response of Nigerian banks was to ask telcos to implement so-called end-user billing, where customers are charged directly for using USSD to access financial services. The banks, however, refused to confirm that the implementation of end-user billing meant they would not also continue to charge their customers per transaction (which would result in double-billing). For its part, the Nigerian Communications Commission issued new guidance that forbade telcos from implementing end-user billing. So, telcos charged the banks, who refused to pay, leaving the unpaid fees to grow.53
After an announcement by the telecom operators’ association that it would stop providing USSD services unless the banks paid up—and a subsequent reduction in commissions paid to banks by MTN—a banking cartel formed and immediately disconnected MTN users from USSD banking services. Overnight, about 64 million Nigerians who used MTN’s mobile network could not make USSD bank transactions, purchase airtime for calls and SMS, or buy internet subscriptions from their banks via USSD.54 Only MTN subscribers who had debit cards and alternative internet access could access their bank accounts digitally, leaving the rest at the mercy of the banks.
Another example of how failing to center needs creates room for monopolistic behavior and may even undermine inclusion is M-Shwari, Safaricom’s flagship digital loan product. M-Shwari uses a tier-based KYC process to offer unsecured loans to M-PESA users. By leveraging the data Safaricom has about users’ purchases of airtime and their transaction histories, the telco transforms user data into a tool for monopoly power. Since the company “owns” user data between M-Shwari and M-PESA, when M-Shwari customers default, Safaricom can report them to the credit reference bureaus, effectively blacklisting them. On the other hand, Safaricom’s competitors cannot offer competitive credit products, since they have limited access to data on how mobile money users leverage credit products. The effect is that users who are caught in Kenya’s vast, negative-reinforcing credit reporting systems are automatically unable to access competitive DFS terms from Safaricom competitors, without even having the opportunity to review the original blacklist data.
Working backward from the outcome (financial well-being) of financial inclusion is not an easy path to take. But it is necessary to make progress instead of setting up “digital Potemkins” under an access-type inclusion label. This alternative approach of meeting people’s financial needs is gaining currency, albeit slowly.
A Technology Problem? The “Digital” in “Digital Financial Inclusion”
To understand the tech problem, it is important to consider the digital divide in Africa as a gap that extends beyond access to digital services (the haves and the have-nots) to the type and quality of available digital services. This gap is driven by constraints that may be social or cultural, such as gender limitations or religious practices, or commercial, such as the costs of 4G smartphones versus basic feature phones. But a digital gap may also exist because of individual or political choices that individuals and governments make to limit exposure or access to digital systems.
Going digital invites technology into every area of life and increases the surface area for failures in digital services to have deeper consequences. For example, individuals may choose to limit their use of digital financial products to avoid cyber crime or to evade overbearing tax and digital rent-seeking from corporations. Sometimes access to digital services is arbitrarily suspended, creating instances where people are particularly vulnerable to public authorities who may completely sever access to specific digital products or to the internet altogether to contain political pressure and opposition.
Furthermore, inequities exist not only in access to internet services and infrastructure but also where consumers and enterprising individuals are limited to mobile-first consumption platforms, creating a concentration of cybersecurity vulnerabilities linked to the mobile ecosystem for the end user.55 Some of these security vulnerabilities include mobile network operator fraud and SIM swap scams, among others.
Forced Inclusion
One result of focusing on delivering digital inclusion rather than inclusion and digital services as unique and distinct goals is often a spectacular type of market and public service failure. In this scenario, public authorities may restrict access to public infrastructure, civil services, or even privately controlled products in order to enforce or mandate participation in digitally mediated inclusion programs. While this type of coercion may compel the public in the short term, it damages public trust in government. In some cases, the rollout is chaotic, creating opportunities for misbehavior. By trying to force people to use digital payment channels without addressing cost, reliability, and cyber crime, the resulting chaos has a reverse effect. People—especially low-income and poor households—hoard cash and move away from DFS even as high-income households spend more digitally.
Take the case of SIM card disconnections in Nigeria. In order to comply with government directives to reregister SIM cards, telecom operators were forced to disconnect users from their services, including USSD payment services, in 2022.
By blocking or threatening to suspend voice, text, and mobile money services, telecom operators and regulators led thousands to mob registration points in Nigeria during a pandemic and caused a slump in the growth of mobile subscribers. Telecom operators, mobile subscribers, and internet users—all key players for driving digital inclusion—faced a wide range of effects (see table 2).56
Table 2: Impact of the 2020 SIM Reregistration Exercise on Leading Telcos in Nigeria | |||
Telecom Operator | Total Subscribers | Mobile Subscribers | Internet Subscribers |
Airtel | Between December 2020 and February 2021, Airtel's subscriber base dropped about 10.1%, a loss of 5.8 million subscribers. | Between November 2020 and February 2021, Airtel's mobile subscriber base dropped from 57.23 million to 51.43 million. | Airtel lost 1.57 million internet subscribers, leading it to stand at 39.9 million subscribers. |
MTN | Between December 2020 and February 2021, MTN Nigeria lost 4.67 million subscribers. | In the same period, MTN saw a 5.7% reduction in mobile subscribers. | MTN lost 2.92 million internet subscribers in the same period. |
Glo and 9Mobile | Glo and 9Mobile lost 415,170 and 909,955 mobile subscribers, respectively. |
Microenterprises and street traders who rely on their feature phones to conduct business were forced to abandon income-generating activities to participate in the tiring and chaotic SIM card reregistration exercise. It also created a parallel market of sorts where handsome bribes were paid to jump queues or acquire often-fake identification numbers, potentially exposing unsuspecting citizens to fraud and identity theft.57
All told and after several postponements, Nigeria’s government barred outgoing calls from 73 million mobile phones, a third of all mobile subscribers in the country.58 Mobile network carriers were not reluctant to comply, especially considering that in 2015, the Nigerian Communications Commission fined MTN Nigeria 1.04 trillion naira ($5.2 billion) for failing to disconnect subscribers with unregistered or incomplete SIM cards. The fine was later reduced to 330 million naira, a decision that was dogged with allegations of bribery to senior government officials.59
By cutting off or threatening to cut off access to mobile telecoms services, Nigeria’s government and other African governments are using state power to force behavior on both included and excluded populations. The resulting chaos threatens the fragile public trust in government. It is important to note that in some cases mobile communications providers painstakingly built up trust in digital services as the pillars of Africa’s digital revolution. In a twisted sort of way, it appears that policymakers have come to believe that cutting off access and excluding significant portions of their communities from basic services is justified in order to digitally include their citizens and residents.
Reverse inclusion also manifests in Nigeria’s quest to force the birth of a cashless economy. In the latest iteration, the Central Bank of Nigeria took India’s 2016 demonetization path. Initially billed as part of a plan to tackle corruption and black money and improve the effectiveness of monetary tools on inflation and the naira, the Central Bank now claims the policy will support financial inclusion.
It is noteworthy that in the revised 2018 financial inclusion strategy, the Central Bank did not mention plans to limit access to cash as part of its inclusion program. Accordingly, the flustered rollout of a central bank digital currency, a hasty demonetization, a currency redesign, and a cash withdrawal ban are all hallmarks of policymaking on the fly. The consequences have been severe. In January 2023, videos emerged of street traders refusing the redesigned currencies just weeks before old notes were to become illegal, a sign of deteriorating public trust.60
Nor has the Central Bank been able to utilize Nigeria’s massive agent bank network to smooth the process. A leader in the agent banking space, Sarafadeen Fasasi, shared how in the lead-up to the first deadline for the new cash, super agents could only short list a fraction of their dedicated agent locations to handle the inevitable influx of customers. One super agent in Abuja could only mobilize seventy agents, even though they were responsible for 200,000 roadside agents.61 This was due to the shortage of cash float arising from the bans to effectively serve customers.
The instances above illustrate how focusing solely on digitally mediated inclusion can impair public trust in return for little in the way of enhanced social outcomes.
DFI, a Useful Cover to Advance the Surveillance State, Widens Cyber Attack Surfaces
Policymakers claim to understand the importance of social trust in public and private institutions in order to deliver services. But it is not obvious that the institutions they represent understand the unintended consequences of creating new digital services and hyperscaling in an effort to reach huge milestones that often offer no strategic value beyond being top-down enforced projects with vanity metrics disguised as impact.
At the same time, policy wonks, government officials, and the people who fund them continue to confuse (intentionally or not) the individual right to legal recognition with a perceived need for biometric universal digital IDs. The justification for these programs swings from countering cyber crime or terrorism to supporting financial inclusion. But as Nicola Jentzsch notes, “there are essentially no robust empirical studies that show that such measures make a difference in terms of crime detection as criminals have a number of ways of circumventing rules.”62
Imposing an additional proof-of-identity burden, and demanding that it must be biometric, in order to support financial inclusion is artificial and demonstrably hinders inclusion.63 In historically marginalized communities where there are no easy ways to access IDs, mandating their use to effectively participate in society is counterintuitive. This has been the case with Kenya’s Nubian community, which is forced to depend on communal networks to access financial services, potentially allowing abuse at the individual level.64
Furthermore, some individuals who need to deposit cash into mobile money accounts are constrained by the need to constantly possess and display photo IDs in order to facilitate these transactions. Since they will deliberately seek lax KYC agents to help facilitate these transactions, it is conceivable that more people will use formal channels more if they are not constrained.65
It is true that digital ID programs are linked to financial inclusion largely due to rules related to anti–money laundering and combating the financing of terrorism (AML/CFT). One can question, however, the extent to which this is necessary for low-income households. AML/CFT measures can negatively affect access to, and use of, financial services if the measures are not carefully designed.66 As a result of this finding, several countries, including Nigeria and India, have simplified AML/CFT due diligence in lower-risk cases, particularly for domestic payments.
It is not often mentioned that in India—whose Aadhaar ID scheme, launched in 2009, has been hailed as the model biometric ID scheme—there was no significant uptick in the usage of digital payment services until eight years later, with the launch of India’s Unified Payments Interface (UPI) in 2016 . Despite the Aadhaar scheme not being mandatory, India’s lead in digital payments continues to grow, led by increased participation in the UPI system, which does not also require users to possess Aadhaar cards.
To be clear, this is not an argument against IDs or even digital ID databases; rather, the national mandates (often supported financially by development partners such as the World Bank) that link universal, biometric digital IDs with financial inclusion are not demonstrably necessary (see box 3). The cybersecurity argument that biometrics make it more difficult to perpetuate fraud is clear and well documented. In Africa, biometric digital IDs are often universal (that is, designed to be used broadly as proof of identity). However, the fraud-prevention benefits of universal, mandatory biometric IDs are constrained by the fact that poor cybersecurity practices mean that biometric databases are too easily compromised by bad actors or co-opted by government for surveillance schemes. Conversations with DFS practitioners and stakeholders in Nigeria, for example, who lament the high number of fake digital biometric identities, lead me to conclude that prevailing KYC processes are not fit-for-purpose or at least are not working correctly.
Box 3: What Would an Alternative or a Reform of Current KYC Practices Look Like?
- It would start from the design of ID systems that protect privacy while allowing permissioned authentication for payments.
- Institutions should be encouraged to adopt less rigid, tiered KYC. Tiered KYC is not a new concept and famously allowed M-PESA to grow rapidly. But even today, the use of tiered KYC, especially by banks, is skewed toward a risk-averse interpretation that ends up excluding more people than it would otherwise.
- Governments and practitioners should consider removing artificial social or cultural barriers so that ID programs are more accessible by the most excluded sections of the populations.
- Demanding digital ID KYC mandates for low-value payments when data privacy protection systems are not fully in place is like general practice doctors sending every patient for surgery “just in case.” An alternative would be to gradually level up KYC to match risk levels. Policymakers should incentivize financial service providers to comply with these measures if they are serious about making KYC less exclusionary.
- Regulators and DFS providers will need to collaborate to build shared fraud detection and protection frameworks and capabilities without compromising privacy protections or penalizing users.
- Where digital ID schemes exist, regulators need to enforce data privacy standards and implement cybersecurity controls that will prevent a compromise of their systems. This will help build and maintain trust between data subjects and DFS platform operators.
- Finally, current KYC practices seem to operate too broadly. Investing the time and resources to understand customer groups in the product design process can help providers build better KYC risk models and practices because the products are designed to meet specific or category needs. Better understanding users and their needs will also help in building the fraud data sharing and detection frameworks.
Ultimately, designing not just to provide access but also to meet needs or encourage usage (in the form of promos, which is an avenue for fraud) will result in better products. It may also yield cost savings, build and maintain consumer trust, and even help expand access.
In February 2023, the Nigeria Data Protection Bureau commenced a probe into two of Nigeria’s tier 1 banks over data breaches and cyber fraud losses reaching millions of naira. Data from Nigeria’s payment settlement system show that within the first nine months of 2020, fraudsters attempted 46,126 cyber attacks against banks and were successful 41,979 times, representing a staggering 91 percent fraud success rate.67
Nor is there evidence that lack of biometric IDs is a blocker to building inclusive economies. It is worth pointing out that mobile financial services reached mass adoption in Africa without the aid of advanced digital IDs. Mobile money solved an important and costly problem, and people were only too happy to adopt the solution. On the other hand, it is not immediately evident that layering more ID technology is what will include those not yet covered by the service. As Tayo Oviosu, the founder and chief executive of Paga, a mobile money service with operations in several African countries, declared recently, “KYC is the bane of fintech progress.”68 Oviosu noted that it barely prevents financial fraud as fraudsters seem to possess dozens of possibly fake digital IDs, underscoring the weakness of the country’s identity system. He was not advocating the abolishing of KYC; he was merely echoing practitioners’ frustration and suspicion that the system is compromised—with good reason, as these examples have shown.
India’s Aadhaar has been breached several times, for example, fueling cyber crime and exposing low-income populations to additional digital threats. These examples all point to the well-documented risks of maintaining centralized digital biometric ID systems that add little in the way of economic inclusion and financial well-being.
Furthermore, some risks associated with other forms of personal identity are not eradicated by mandating biometric digital ID systems. These include plain human errors, unauthorized use of credentials, and the exclusion of individuals due to social, economic, religious, or political reasons. Unfortunately the proliferation of poor cybersecurity practices in Africa often means that digital ID databases can and have been manipulated—which can be especially damaging when biometric data is accessed.
In Kenya, mobile money users are required to present ID documents to deposit cash with M-PESA agents. The agents verify IDs by writing down the ID number on a physical register for manual entry into a computer. But requiring users to disclose their ID numbers (which are usually untokenized) for every agent transaction has created privacy and cyber crime risks. As early as 2012, in the run-up to the general elections of 2013, there were widespread reports that user data acquired from M-PESA agents by political party officials were used to register unsuspecting Kenyans as members of political parties.69 In 2021, the year before the 2022 general elections, similar complaints appeared on social media and local media reports.70 In 2019, Safaricom announced plans to issue M-PESA agents with digital registers. But, to date, M-PESA agents in Nairobi still manually enter PII in notebooks.
The most recent development is a proposal in Kenya ostensibly aimed at broadening the tax net by allowing the Kenya Revenue Authority to spy on mobile money transactions.71 Even if ignoring every other consequence of this overreach in the name of boosting revenue, it represents an increase in the surface area susceptible to cyber attacks. Furthermore, the move may roll back progress in the use of digital financial services,72 in much the same way that Safaricom’s indiscriminate disbursement of its Fuliza loans led to the subsequent blacklisting of defaulters, forcing some people off the digital payment radar.
The Allure of the “Current Thing”: Cybersecurity, Crypto, and Next-Generation Financial Innovation
Governments in developing countries tend to adopt nuance-lacking recommendations of foreign development finance funders and donor agencies as financial inclusion policy. It is also easier to turn a blind eye to the bottlenecks these promulgations create, leaving individuals and private enterprises to grapple with and find workarounds that may significantly compromise private data or strengthen unwarranted state surveillance.73
As mentioned earlier, only after having registered more than 70 million Nigerians under penalty of being barred from accessing telecoms services did Nigeria’s identity management agency implement tokenization to prevent PII from being accessed by fraudulent parties. While warning users to not share their biometric identity numbers, Nigeria’s National Identity Management Commission continued to encourage private companies to use the same untokenized unique identifying numbers to authenticate customers as part of KYC processes. Only after rushing to scale a digital ID program did the government begin to implement a data protection layer. Naturally, the effect of both the forced registrations and a chaotic process dogged with allegations of bribery was a decline in public trust for the scheme and the institutions delivering the project.74
In the pursuit of DFI, African regulators need to be wary of digital asset schemes that prey upon the gaps in the continent’s formal finance system. Because of the drive to promote financial inclusion, regulators may miss red flags from products that promise financial inclusion. To put this more plainly, elaborate crypto schemes are proliferating on the continent, promising access to unregulated finance products and claiming to enable financial inclusion.75 The complexity of cryptocurrencies means they will struggle to find utility among less sophisticated users; hence the financial inclusion potential is at least presently nebulous. Crypto’s privacy protections are also overstated as well. While certain configurations are more protective of privacy, there are concerns about the model of openness that the most permission-less configurations allow.76
One effect the growing blockchain/crypto digital assets market is already having is exposing Africa’s financial systems and fragile IT capabilities to greater cybersecurity risks (see table 3).77 For example, while South Africa recently declared crypto assets acceptable as financial products, South Africans are already suffering from crypto-related scams. In October 2021, 4,000 South Africans lost a total of 112 million rands ($6.1 million) in a bitcoin mining pyramid scheme called Obelisk.78 South Africa–based cyber crime groups are already exploiting vulnerabilities in enterprise software like Microsoft’s cloud service, Azure, to support their crypto mining enterprise.79
Table 3: Persistent Cyber Threats to Online Banking Platforms, Banks, and Mobile Money Providers in East Africa | ||||
Group Name | Base of Operations | Crime Types | Tactics and Malware Used | Scope of Threat |
SilverTerrier | Nigeria United States | Business email compromise (BEC) | Phishing Information stealers Remote access tools (RATs) | 480-interrelated threat actors Over 2.1 million attacks At least $3 billion in losses |
London Blue | Nigeria | Online scams Business email compromise (BEC) | Phishing Fake online ads Commercial data analysis | 50,000 potential targets Members in three continents |
Black Axe Confraternity | Nigeria | Prostitution Human trafficking Narcotics trafficking Theft Money laundering Email fraud/ cyber crime | Phishing Spam campaigns Romance scams Document forgery | Hierarchical group structure Members in three continents $100s of millions stolen |
Forkbombo | East Africa | Money laundering Cyber crime Online banking theft | Open-source malware tools Spyware and keyloggers | Constant threat to African banks Produce and distribute malware |
Grapzone threat group | Kenya | Cyber-enabled fraud Air tickets and Money Gram heists | Remote access tools (RATs) Spyware and keyloggers Hardware backdoors | Threat to Kenyan businesses Threat to money transfer firms |
Silent Cards | East, Southern, and Central Africa | Cyber-enabled fraud Cyber crime | Spyware and keyloggers Hardware backdoors | Targets banks, mobile banking service providers, ISPs, holding companies, hedge funds, betting firms, government, and financial sectors across East Africa |
The Sakawa Boys | Ghana | Cyber-enabled fraud Romance scams | Phishing Social engineering | Frequently target men in Asia, Europe, and America with romance scams |
AnonGhost | Northern Africa | Cyber espionage | Manual hacking | Targets global governments to make classified information public Members in four continents |
Scattered Canary | Nigeria | Business email compromise (BEC) | Phishing Information stealers Remote access tools (RATs) Identity theft Social engineering | Attempted to defraud federal Cares Act of $5.4 million in COVID-19 relief payments |
As Noëlle van der Waag-Cowling explains, South Africa lacks sufficient capacity, legal systems, and will to counter sophisticated cybercrime,80 even before facing the intense crime that newer technology paradigms like crypto bring. Thus, South Africa’s banking regulator and regulated crypto companies would do well to adequately prepare and minimize the harm exposure, especially to financially vulnerable customers who may be lured by the grand promises and not sufficiently aware of the attendant risks. One crucial part of digitization that is understated and frequently missed altogether is that digital technology is an enabling technology. That is, it enables other forms of technology to operate with greater efficiency and new use cases. Within this context, the current cybersecurity challenges with basic digital finance products, for example, point to a deeper problem—that the risks of a fully digital economy are not being fully taken into account. For example, if we want a farmer to open a bank account on their phone, or make financial transactions, we want to make sure that this farmer completely understands that there are real risks of them losing their finances. Highlighting how the digital finance product solves a payment or money movement problem is not enough. It also means that DFS providers work with users to change their understanding of what that device means to them.
Unfortunately when digital technology tools are presented in marketing or policy, users are not always properly educated about the associated risks and how to mitigate their vulnerability.81
Today it is clear that there is not sufficient user education on the potential risks of digital financial products. At the same time, financial institutions are quick to claim that user errors are a major cause of fraud, thus passing the buck to their unsuspecting customers.
Despite this insufficient understanding and a lack of proper cyber risk mitigation systems implemented and actively managed at scale, DFI programs continue to seek scale with the same methods. But increasing participation in the formal financial ecosystem—and fighting cyber crime in this domain—will find better success if DFS operators prioritize the context within which financial transactions occur instead of simply focusing on the transactions.
At the same time, some African governments flirting with blockchain payment technology seem to believe that because people desire digital assets to play with, the government can fill that gap by providing government-backed digital assets like central bank digital currencies. Central banks like Nigeria’s appear to think that this virtual money, in addition to satiating the crypto desires of the users in the country, will support financial inclusion.82 However, these arguments deflect from both the economic mismanagement that have turned residents to blockchain or stablecoin and the inequalities that, in Africa, keep over 400 million people financially excluded.83 Instead, governments may have to deprioritize the development of digital assets and instead focus on policies that secure the financial ecosystem.
At a high level, for governments this will mean fixing critical infrastructure, building institutional capacity to implement privacy-respecting security measures and engender public trust, simplifying business formalization processes, and providing clear incentives that encourage rather than coerce formal economic participation. African governments and the governed need to question the basic premises that drive financial inclusion strategies toward the digital channel. Importantly, it means that policymakers will have to reexamine the assumptions around the impact of digital access–type financial inclusion programs. Studying and articulating this clearly should foster well-being-oriented financial inclusion programs and allow governments to build models that are economically coherent.
For entrepreneurs, fintechs, and legacy traditional finance institutions, this could mean shifting from competing for marginal profits from fragmented payments flows to focusing on building financial products that enable previously informal (or mostly informal) participants to benefit from formal finance services at will.
Conclusion
The capacity of DFS to create profits for private corporations is uncontested. What is not clear, however, is to the extent DFI has delivered on its promises to financially include residents of the countries where it is deployed.
Understanding the benefits of DFI beyond access is important because the existence of financial services products and their use is an insufficient measure of inclusion. Popular statements and uncritical media reportage claim a direct link between using a payment service, for example, and financial well-being. But a more critical review of available literature on the subject challenges the thinking that accelerating access-to-payments-services inclusion improves financial health. There are contributory factors beyond access that influence impact, and policymaking should strive to understand these factors better to build inclusion programs that cohere with broader economic transformation programs.
As a result, financial inclusion programs must be designed to meet financial needs with the explicit goal of improving users’ financial health. More policy consideration and deeper research is needed, both of which should yield changes in financial inclusion programs. Adopting a needs-focused approach to inclusion—especially for financially vulnerable people—as opposed to passively reaching for access goals will force policymakers and entrepreneurs to test the theory of access upon which current financial inclusion programs are built.
A needs-focused approach helps prevent DFI from being captured as a tool for monopoly power to create unfair corporate profits and/or as a tool for state surveillance. Better regulation is needed to check unbridled capitalism and the negative effects that derive from it. Furthermore, legislation on consumer protection, data protection, and cybersecurity ought to emphasize protecting citizens and residents from government and corporate overreach.
Furthermore, such processes of financial inclusion should not be dependent on digitally linked biometric databases. While IDs are useful for KYC purposes, mandating and enforcing rigid digital ID schemes as a precursor to access the financial system (especially for the most vulnerable groups) risks excluding populations. It significantly extends the surface area for cyber attacks and identity theft given the poor state of cybersecurity and data protections in Africa. And it is vulnerable to mission creep where ID programs are co-opted by governments to build up political and/or invasive state surveillance. Making digital IDs a compulsory requirement for financial inclusion needs further justification from development sector, private sector, and government proponents.
Instead, regulators and financial services providers should widely adopt and implement flexible, tier-based KYC. The process of designing robust financial inclusion programs that meet financial needs will provide insights into how best to implement risk-based KYC policies.
Furthermore, the treatment of the cybersecurity component of DFI as a surveillance project might serve the interests of political elites and the emerging African surveillance state,84 but it undermines the DFI premise altogether.
Ultimately, people need access to participate in the formal financial economy, and digital tools are important in facilitating this access—but participating in the formal financial economy is not an end in itself. In fragile formal financial systems that suffer from poor governance and private capture, increasing the number of participants without financial sector reform only spreads risk. Vulnerable populations suffer the most when financial shocks hit these ill-prepared systems. Scaling DFS is welcome for the convenience and cost savings, but enforcing a vision for financial inclusion that is only digital is reckless leadership that should not be celebrated.
Digitally mediated financial inclusion is not a panacea; it is only a tool. Policymaking that mistakes one for the other in practice or principle is the equivalent of treating DFI as a socioeconomic Maslow’s hammer.
Correction: The article has been updated to reflect that the Huduma Namba ID program had proposed to collect GPS coordinates and user DNA (not that it had actually collected them).
Notes
1 “Launch of the Africa Digital Financial Inclusion Facility,” African Development Bank Group, https://www.afdb.org/en/news-and-events/launch-of-the-africa-digital-financial-inclusion-facility-19333.
2 Faustine Ngila, “South Africa’s Banking and Insurance Sectors Are Overwhelmed by Cyber Attacks,” Quartz Africa, September 8, 2022, https://qz.com/south-africa-is-overwhelmed-by-hackers-1849510056.
3 “Internet Crime Report 2020,” Federal Bureau of Investigation Internet Crime Complaint Center, 17, https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.
4 Jonas Nyabor, “Ghana: Electoral Commission Faces Resistance Over New Voter Registration Requirement,” The Africa Report, March 14, 2023, www.theafricareport.com/291530/ghana-electoral-commission-faces-resistance-over-new-voter-registration-requirement.
5 Jim Nash, “Potentially Devastating Digital ID Hack in Argentina Could Have Many Ripples,” BiometricUpdate, October 21, 2021, https://www.biometricupdate.com/202110/potentially-devastating-digital-id-hack-in-argentina-could-have-many-ripples.
6 Website Planet Security Team, 2022, “Nigerian Healthcare Agency Exposed Thousands of Applicants’ Personal Data,” Website Planet, accessed April 19, 2023, https://www.websiteplanet.com/blog/plaschema-breach-report/#hselect--2.
7 Tech2 News Staff, “Aadhaar Security Breaches: Here Are the Major Untoward Incidents That Have Happened With Aadhaar and What Was Actually Affected,” Firstpost, September 25, 2018,
8 Nigerian Economic Summit Group, “Naira Redesign Policy: Caught in the Web,” February 17, 2023, https://nesgroup.org/researchdocument/naira-redesign-policy--caught-in-the-web; and Bunmi Bailey, “Naira Scarcity Seen Slowing Financial Inclusion Drive – Experts,” BusinessDay, February 8, 2023, https://businessday.ng/financial-inclusion/article/naira-scarcity-seen-slowing-financial-inclusion-drive-experts/.
9 Tayo Oviosu (@oviosu), “Barely any... Some guy showed up with 150 BVNs If the identity system itself is compromised…” Twitter post, February 14, 2023, 8:38 a.m., https://twitter.com/oviosu/status/1625489548116639746?s=20.
10 Benjamin Dada, “National IDs Are Important for KYC, but Frequent Downtimes Hinder Their Reliability, Reports Smile Identity,” Benjamindada.com, January 30, 2023, www.benjamindada.com/national-id-smile-identity-kyc-report-2022; and Maryanne Gicobi, “Now Lenders Grapple With Biometrics,” East African, September 22, 2017, https://www.theeastafrican.co.ke/tea/business/now-lenders-grapple-with-biometrics-1373946.
11 Joel M. Chigada, “A Qualitative Analysis of the Feasibility of Deploying Biometric Authentication Systems to Augment Security Protocols of Bank Card Transactions,” South African Journal of Information Management 22, no. 1 (December 2020): 1–9, https://dx.doi.org/10.4102/sajim.v22i1.1194; and Jim Nash, “Africa Needs Biometric De-duplication, Smile Identity Argues,” BiometricUpdate, August 19, 2022, www.biometricupdate.com/202208/africa-needs-biometric-de-duplication-smile-identity-argues
12 “What Is Financial Inclusion,” Consultative Group to Assist the Poor, https://www.cgap.org/financial-inclusion
13 Augustine Abraham, “Nigeria’s Identity Management Agency Wants to Replace ID Numbers With Digital Tokens,” TechCabal, February 3, 2022, https://techcabal.com/2022/02/03/nimc-digital-tokens.
14 Unique Identification Authority of India, Authentication Division, Circular No. 1 of 2018, https://uidai.gov.in/images/resource/UIDAI_Circular_11012018.pdf.
15 “Financial Inclusion: Overview,” World Bank Group, https://www.worldbank.org/en/topic/financialinclusion/overview.
16 Philip Mader and Sophia Sabrow, “All Myth and Ceremony? Examining the Causes and Logic of the Mission Shift in Microfinance from Microenterprise Credit to Financial Inclusion,” Forum for Social Economics 48, no. 1 (2019): https://doi.org/10.1080/07360932.2015.1056204.
17 Ann J. Miles, “From Microfinance to Financial Inclusion: Reflections on 20 Years,” Consultative Group to Assist the Poor, November 16, 2015, https://www.cgap.org/blog/microfinance-to-financial-inclusion-reflections-on-20-years.
18 World Bank Group, “Digital Finance: Empowering the Poor via New Technologies,” April 10, 2014, https://www.worldbank.org/en/news/feature/2014/04/10/digital-finance-empowering-poor-new-technologies.
19 Stella Dawson, “Why Does M-PESA Lift Kenyans Out of Poverty?,” Consultative Group to Assist the Poor, January 18, 2017, https://www.cgap.org/blog/why-does-m-pesa-lift-kenyans-out-of-poverty
20 Russell Southwood, Africa 2.0: Inside a Continent’s Communications Revolution (Manchester University Press, 2022).
21 John Quiggin, Economics in Two Lessons: Why Markets Work So Well, and Why They Can Fail So Badly (Princeton: Princeton University Press, 2019): 171–195, https://doi.org/10.1515/9780691186108-014
22 Jean N. Lee et al., “Poverty and Migration in the Digital Age: Experimental Evidence on Mobile Banking in Bangladesh,” American Economic Journal: Applied Economics 13, no. 1 (January 2021): 38–71, https://doi.org/10.1257/app.20190067.
23 Jean N. Lee et al., “Poverty and Migration in the Digital Age.”
24 “Rural population, percent - Country rankings,” TheGlobalEconomy.com, accessed June 13, 2023, https://www.theglobaleconomy.com/rankings/rural_population_percent/Africa
25 Boniface Kamiti, “Questions for Digital Lenders on Financial Health of Borrowers,” BusinessDaily, March 15, 2022, https://www.businessdailyafrica.com/bd/opinion-analysis/columnists/questions-for-digital-lenders-on-financial-health-of-borrowers-3747838.
26 “U.S. Financial Health Pulse: 2019 Trends Report,” Financial Alliance for Women, 2019, https://financialallianceforwomen.org/download/u-s-financial-health-pulse-2019-trends-report, 1.
27 Paul Gubbins and Amrik Heyer, “The State of Financial Health in Kenya: Evidence from FinAccess,” Financial Sector Deepening Kenya, September 2022, https://www.fsdkenya.org/wp-content/uploads/2022/10/FSDK-Financial-health-report.pdf.
28 Elisabeth Rhyne, “Measuring Financial Health: What Policymakers Should Know,” insight2impact and Cenfri, May 2020, https://cenfri.org/wp-content/uploads/Measuring-Financial-Health.pdf, 6.
29 “FinAccess Household Surveys 2009–2021,” Central Bank of Kenya, Kenya National Bureau of Statistics and FSD Kenya, https://www.fsdkenya.org/category/finaccess/finaccess-household-surveys.
30 Gubbins and Heyer, “The State of Financial Health in Kenya.”
31 “Key Findings: EFInA Access to Financial Services in Nigeria, 2020 Survey,” Enhancing Financial Innovation and Access, June 3, 2021, https://efina.org.ng/wp-content/uploads/2021/10/A2F-2020-Final-Report.pdf.
32 “2021 FinAccess Household Survey,” Central Bank of Kenya, December 2021, https://www.centralbank.go.ke/uploads/financial_inclusion/2064908903_2021%20FinAccess%20Survey%20Report%20Launched_15%20Dec%202021.pdf.
33 Gubbins and Heyer, “The State of Financial Health in Kenya.”
34 Kayode Tokede, “Insurance Penetration in Nigeria Among the Worst in Africa, Says SBG,” THISDAY, April 2022, https://www.thisdaylive.com/index.php/2021/11/29/insurance-penetration-in-nigeria-among-the-worst-in-africa-says-sbg.
35 “Out-of-pocket expenditure (% of current health expenditure) – Nigeria,” World Bank DataBank https://data.worldbank.org/indicator/SH.XPD.OOPC.CH.ZS?locations=NG.
36 Bolaji Samson Aregbeshola and Samina Mohsin Khan, “Out-of-Pocket Payments, Catastrophic Health Expenditure and Poverty Among Households in Nigeria 2010,” International Journal of Health Policy and Management 7, no. 9 (2018): 798–806, https://doi.org/10.15171/ijhpm.2018.19.
37 Dickson Onyango Wandeda, Harriet Tzindoli Ogalo, and Arthur Odima, “Explaining Rural Household Financial Health: Evidence From Kenya,” African Journal of Economic Review 10, no. 3 (2022): 167–185, https://doi.org/10.22004/ag.econ.330313.
38 Peterson K. Ozili, “Contesting Digital Finance for the Poor,” 2020, accessed from Munich Personal RePEc Archive, https://mpra.ub.uni-muenchen.de/101812.
39 David Kocieniewski and Gavin Finch, “Tesla-Backed Startup Made Cheap Power a Debt Burden for the World’s Poorest,” Bloomberg, April 7, 2022, https://www.bloomberg.com/news/features/2022-04-07/how-pay-as-you-go-solar-made-the-world-s-cheapest-new-energy-unaffordable.
40 Author interviews with Nigerian clean energy investors, Zoom, May 2022. See also David Kocieniewski and Gavin Finch, “Tesla-Backed Startup Made Cheap Power a Debt Burden for the World’s Poorest,” Bloomberg, April 7, 2022, https://www.bloomberg.com/news/features/2022-04-07/how-pay-as-you-go-solar-made-the-world-s-cheapest-new-energy-unaffordable?leadSource=uverify%20wall.
41 David Njaaga, “Michael Joseph: This Is Not the Fuliza I Wanted at Safaricom,” The Standard, April 3, 2022, https://www.standardmedia.co.ke/business/news/article/2001442117/michael-joseph-this-is-not-the-fuliza-i-wanted-at-safaricom.
42 Keith Breckenridge, “The Failure of the ‘Single Source of Truth About Kenyans’: The NDRS, Collateral Mysteries and the Safaricom Monopoly,” African Studies 78, no. 1 (2019): 91–111, https://doi.org/10.1080/00020184.2018.1540515.
43 Money254 Team, “Digital Lending in Kenya: A Blessing For Some, A Curse For Others,” Money254, July 20, 2021, https://www.money254.co.ke/post/digital-lending-in-kenya-a-blessing-for-some-a-curse-for-others
44 “Licensing of Digital Credit Providers- January 2023,” Central Bank of Kenya, https://www.centralbank.go.ke/2023/01/30/licensing-of-digital-credit-providers-january-2023.
45 Allan Odhiambo, “Mobile Money Loans Have Left Us Broke, Embarrassed and in Ruins,” Nation, December 9, 2022, https://nation.africa/kenya/business/mobile-money-loans-have-left-us-broke-embarrassed-and-in-ruins-4046776.
46 Allan Odhiambo, “Maasai Shylocks Offer Loans for Small Traders Hit by Fintech Loan Defaults,” Nation, December 9, 2022, https://nation.africa/kenya/counties/kisumu/maasai-shylocks-offer-loans-for-small-traders-hit-by-fintech-loan-defaults-4048324.
47 Tavneet Suri and William Jack, “The Long-Run Poverty and Gender Impacts of Mobile Money,” Science 354, no. 6317 (December 9, 2016): 1288–1292, https://doi.org/10.1126/science.aah5309.
48 Milford Bateman, Maren Duvendack, and Nicholas Loubere, “Is Fin-Tech the New Panacea for Poverty Alleviation and Local Development? Contesting Suri and Jack’s M-Pesa Findings Published in Science,” Review of African Political Economy 46, no. 161 (June 2019): 1–16, https://doi.org/10.1080/03056244.2019.1614552.
49 David John McKenzie and Anna Luisa Paffhausen, “Small Firm Death in Developing Countries,” World Bank Policy Research Working Paper No. 8236, November 2017, https://ssrn.com/abstract=3067083.
50 Charles Mwaniki, “Kenya: Safaricom Share Fall Eases Market Concentration Fears,” African Markets, January 12, 2023, https://www.african-markets.com/en/stock-markets/nse/kenya-safaricom-share-fall-eases-market-concentration-fears
51 Charles Mwaniki, “Safaricom Makes Sh50bn Profit From M-Pesa Unit,” BusinessDaily, July 11, 2022, https://www.businessdailyafrica.com/bd/corporate/companies/safaricom-makes-sh50bn-profit-from-m-pesa-unit-3875406#:~:text=The%20performance%20statement%20shows%20that,07%20billion.
52 “Shareholders,” Safaricom, accessed June 13, 2023, https://www.safaricom.co.ke/sustainabilityreport_2018/stakeholder-engagement/shareholders
53 Haleem Olatunji, “Telcos to Suspend USSD Services Over N42bn Debt Owed by Banks,” Cable, March 12, 2021, https://www.thecable.ng/telcos-to-suspend-ussd-services-over-n42bn-debt-owed-by-banks.
54 Temiloluwa O’Peters, “USSD: Banks Disconnect MTN From Banking Channels,” THE PUNCH, April 2, 2021, https://punchng.com/ussd-banks-disconnect-mtn-from-banking-channels.
55 Predominantly mobile systems have more mobile phone cyber security incidents, since that is how most systems are built. A bring-your-own-device-to-work culture deepens these risks, especially for smaller firms and retailers whose phones act as mobile PoS devices.
56 Samuel Oyekanmi, “GSM Telcos Lose N1.1 Billion to SIM Card Registration Ban,” Nairametrics, 2021, https://nairametrics.com/2021/05/03/gsm-telcos-lose-n1-1-billion-to-sim-card-registration-ban.
57 Chijioke Iremeka, “NIN Registration: How Private Centres Fleece Applicants, Risk Bank Accounts,” Guardian, March 26, 2022, https://guardian.ng/saturday-magazine/nin-registration-how-private-centres-fleece-applicants-risk-bank-accounts; and Idris Muhammad, “Extortion, COVID-19 Protocol Violation – NIN Registration Experience In Katsina,” HumAngle, December 23, 2020, https://humanglemedia.com/extortion-covid-19-protocol-violation-nin-registration-experience-in-katsina.
58 Kelechukwu Iruoma and Justice Nwafor, “Nigeria Blocks 73 Million Mobile Phones in Security Clampdown,” Reuters, April 20, 2022, https://www.reuters.com/article/nigeria-tech-phones-idAFL5N2WA06Z.
59 Russell Southwood, Africa 2.0, 200.
60 Wole Masodomi, Minna, “Traders Reject New Naira Notes in Niger,” Vanguard, January 10, 2023, https://www.vanguardngr.com/2023/01/traders-reject-new-naira-notes-in-niger.
61 Sarafadeen Fasafai, “HOW TRUE MY NIJA POS AGRNTS ? HOW TRUE NIGERIANS ,ARE YOU GETTING NEW NOTES FROM AGENTS?,” LinkedIn post, February 2023, https://www.linkedin.com/posts/sarafadeen-fasasi-21b153165_how-true-my-nija-pos-agrnts-how-true-nigerians-activity-7024297850368843777-bUHT?utm_source=share&utm_medium=member_desktop.
62 Nicola Jentzsch, “Implications of Mandatory Registration of Mobile Phone Users in Africa,” Telecommunications Policy 36, no. 8 (September 2012): 608–620, http://dx.doi.org/10.1016/j.telpol.2012.04.002.
63 Jeremy Wickins, “The Ethics of Biometrics: The Risk of Social Exclusion From the Widespread Use of Electronic Identification,” Science and Engineering Ethics 13 (2007): 45–54, https://doi.org/10.1007/s11948-007-9003-z.
64 Kedolwa Waziri, “The Ones Who Are, but Don’t Exist: Being Nubian, and Kenyan,” The Elephant, July 5, 2019, https://www.theelephant.info/reflections/2019/07/05/the-ones-who-are-but-dont-exist-being-nubian-and-kenyan.
65 “Lightning Talk: The Role of Human Agents in Enabling Digital Financial Inclusion,” from Cy-Lab Africa Summit, posted on YouTube by Carnegie Mellon University Africa, November 3, 2022, https://www.youtube.com/watch?v=gXam4V4Ks_U.
66 Hennie Bester et al., “Implementing FATF Standards in Developing Countries and Financial Inclusion: Findings and Guidelines,” Genesis Analytics, February 2008, https://www.findevgateway.org/sites/default/files/publications/files/mfg-en-paper-implementing-fatf-standards-in-developing-countries-and-financial-inclusion-findings-and-guidelines-feb-2008.pdf.
67 Samson Akintaro, “Nigeria Data Protection Bureau Probes Two Banks Over Alleged Data Breach,” Nairametrics, January 31, 2023, https://nairametrics.com/2023/01/31/nigeria-data-protection-bureau-probes-two-banks-over-alleged-data-breach.
68 Tayo Oviosu, “KYC is the bane of fintech progress,” Twitter post, February 14, 2023, 8:29 a.m., https://twitter.com/oviosu/status/1625487466517139461?s=20&t=9QGK3tbxdFYYukzkK4SCsQ.
69 Peter Atsiaya, “M-Pesa Details Used ‘to Register’ Party Members,” The Standard, 2012, https://www.standardmedia.co.ke/business/business/article/2000050087/m-pesa-details-used-to-register-party-members.
70 Luis Monzon, “Kenyans Are Being Registered for Political Parties Without Knowledge or Consent,” ITNewsAfrica, June 21, 2021, https://www.itnewsafrica.com/2021/06/kenyans-are-being-registered-for-political-parties-without-knowledge-or-consent; and Julius Otieno, “Kenyans Protest Registration as Party Members Without Consent,” The Star, June 19, 2021, https://www.the-star.co.ke/news/2021-06-19-kenyans-protest-registration-as-party-members-without-consent.
71 Dominic Omondi, “KRA to Track Mobile Money Transactions in Tax Cheats Purge,” BusinessDaily, January 19, 2023, https://www.businessdailyafrica.com/bd/economy/kra-to-track-mobile-money-transactions-in-tax-cheats-purge-4091688.
72 Twitter search for terms “MPESA + KRA + cash,” results accessible at https://twitter.com/search?q=MPESA%20%2B%20KRA%20%2B%20cash&src=typed_query.
73 Kevin P. Donovan and Aaron K. Martin, “The Rise of African SIM Registration: The Emerging Dynamics of Regulatory Change,” First Monday 19, no. 2 (February 2014): http://firstmonday.org/ojs/index.php/fm/article/view/4351/3820.
74 David Hundeyin, “Dear 3rd World Country, What Do You Need All My Data For?,” BusinessDay, January 12, 2021, https://businessday.ng/columnist/article/dear-3rd-world-country-what-do-you-need-all-my-data-for.
75 Daniel Mwesigwa and Thomas Robertson, “Are Cryptocurrencies the Future of Freedom and Financial Inclusion in Africa?,” CIPESA blog, Collaboration on International ICT Policy for East and Southern Africa, June 2, 2021, https://cipesa.org/2021/06/are-cryptocurrencies-the-future-of-freedom-and-financial-inclusion-in-africa.
76 Geoff Goodell and Tomaso Aste, “Can Cryptocurrencies Preserve Privacy and Comply With Regulations?,” Frontiers in Blockchain 2 (2019): https://www.frontiersin.org/articles/10.3389/fbloc.2019.00004/full.
77 Nate Allen, Matthew La Lime, and Tomslin Samm-Nlar, “The Downsides of Digital Revolution: Confronting Africa’s Evolving Cyber Threats,” Global Initiative Against Transnational Organized Crime, December 2022, https://globalinitiative.net/wp-content/uploads/2022/12/Digital-Downsides-Report-9-Dec-web.pdf.
78 “South Africa’s Many Worrying Crypto Scams Put the Industry Under Pressure,” WeeTracker, October 26, 2022, https://weetracker.com/2022/10/26/south-africa-crypto-scams/
79 Ephraim Modise, “How a South African Hacker Group Stole Millions in Resources From Cloud Platforms to Fund Crypto Mining,” TechCabal, January 10, 2023, https://techcabal.com/2023/01/10/sa-hacker-group-microsoft-salesforce.
80 Noëlle van der Waag-Cowling, “Dividend or Liability? Financial Inclusion, Digital Deprivation, and Cyber Risk Proliferation in South Africa,” Carnegie Endowment for International Peace, May 2, 2022, https://carnegieendowment.org/2022/05/02/dividend-or-liability-financial-inclusion-digital-deprivation-and-cyber-risk-proliferation-in-south-africa-pub-87017.
81 Allen, La Lime, and Samm-Nlar, “The Downsides of Digital Revolution.”
82 Busola Aro, “Emefiele: ENaira Will Speed Up Rate of Nigeria’s Financial Inclusion,” Cable, May 10, 2022, www.thecable.ng/emefiele-enaira-will-speed-up-rate-of-nigerias-financial-inclusion.
83 Sabine Menash, “Let’s Change the Game, Hand in Hand With the Unbanked,” AfricaNenda, September 13, 2021, https://www.africanenda.org/en/blog/2021/lets-change-the-game-hand-in-hand-with-the-unbanked.
84 “State Surveillance of Citizens Going Unchecked Across Africa,” Institute of Development Studies October 21, 2021, https://www.ids.ac.uk/news/state-surveillance-of-citizens-going-unchecked-across-africa.