Privacy on the Line: What do Indians think about privacy & data protection?

By Beni Chugh, Varun Aggarwal and Malavika Raghavan, Dvara Research

We met Sulekha[1] in a village in Uttarakhand. She was talking about the information she considered most important to her: her ration card, Aadhaar card, NREGA job card and her phone number. When asked how much she would sell this information for, she visibly withdrew saying she did not want any money for it. What would she need to share this information? She replied simply: a guarantee that it would not be misused.

Sulekha was one of the 50 people we spoke to as part of a small, deeply qualitative study on which the Future of Finance Initiative (FFI) at Dvara Research partnered with Dalberg Design and CGAP. We set out to understand: ‘how do ordinary citizens of India think and act on their privacy and data protection?’ Across four regions of the country (Maharashtra, Uttarakhand, Tamil Nadu and Delhi) we used the Human Centred Design (HCD) method to have discussions to understand not just what people say, but how they think, act and feel. The final report on the study is available here.

Our conversations in the field revealed that contrary to common perception, people in India care deeply about their personal data and privacy. Respondents were surprised that service providers could share their personal information with third parties and wanted to be informed of such sharing. People were also sensitive about sharing their personal data such as photos, messages and browsing histories—even with their family—and were unwilling to sell certain types of personal data like their telephone numbers.

Even the data that they were willing to share in order to receive services came with conditions. People wanted to know how their data was handled. They also, much like Sulekha, wanted an assurance from providers that no harm would come to them through the use of their data. Many of the interviewees recognised their inability to understand standard notice clauses and wanted more visual forms of consent that they could easily understand without relying on others.

Alarmingly, most interviewees had experienced fraud (especially via phone impersonators), and did not know how to protect themselves or seek redressal. Women, in particular, were highly vulnerable to reputational harms, and self-censored themselves (for example by not sharing phone numbers or photos) to protect themselves.

Although the government and its institutions inspired universal trust, people working in government institutions were not trusted with personal data – unless the employees came from the same community group or geographic area. Agents of banks and mobile network providers were also recognised as common perpetrators of illicit disclosures of personal data.

In cases where harm was caused to them as a result of a data breach, the respondents wanted easy access to seek redressal, and wanted to be compensated fully.

We heard individuals asserting their right to have their personal information treated responsibly. They indicated clear and strong preferences for a system that provides them agency and control over their data. Citizens at the grassroots want a data protection regime where providers are held accountable and are obligated to treat personal data responsibly.

You can read the full report here and watch the below video on the study.

[1] Name changed.


Conversations with the newly banked in Indian cities

By Bindu Ananth

Initially, Kanhaiya[i] was wary of speaking to us. He was clutching his wallet tightly and declared upfront that he would not be showing us his ATM card. As we spoke more about his journey as an agriculturist in a small village in Madhya Pradesh to a plaster of Paris contractor in Ghaziabad, he started opening up. He told us about the many times he didn’t get paid for his work but this one time, he was so angry that he destroyed his own creation. More recently, his ATM card had broken and when he went to the branch to withdraw cash to pay his workers, he was refused because his signature didn’t match. While he is waiting to be re-KYCed, he has taken a loan to make payments to his workers. He resignedly concluded to us “dhokha bahut hota hai”. Before he left us, he made us write down on a chit of paper “Recurring Deposit”. He wanted to take it to his bank to ask them how he could open one of those things for his 2 year old daughter.

We met Salim in a cramped room in Tughlakabad, Delhi where he was executing an elaborate design on a bridal lehenga. He lives and works in this room with eight others. His family lives in Nawabganj village of Bareilly. He used to work in a company previously but left because he felt disrespected. When we ask him about how he plans his finances, he laughs and says “only rich people can plan their money”. He talks about losing savings balances to minimum balance fees and not being disciplined enough to sign up for chit funds that many of the other workers are a part of.

Dinesh Gowda moved to Bangalore from Mysore three months ago armed with a Bachelors in Mechanical Engineering degree and found a job at a metallurgical unit, earning Rs. 15,000/month. He spoke to us passionately about starting an auto-parts business back in Mysore after a few years of acquiring skills & experience. His brother-in-law is his money manager. He withdraws his entire salary from his bank account every month, hands it over to his brother-in-law every month and receives a fixed allowance for expenses. We met him around Diwali and he was waiting to get his allowance to buy gifts for his parents and sister back in Mysore. When we asked him how he felt about this arrangement, he shrugged and said, “family knows best”.

Our[ii] conversations with Kanhaiya, Salim and Dinesh were part of a series of 100 + interviews across Mumbai, Shimoga, Bangalore, Chikmanglur, Kochi, Thiruvalla, Delhi, Gurgaon and Ghaziabad where we tried to understand the journeys of the “newly banked”. We defined this as a category of people, who by virtue of migration from the village to the city or starting out at a new job, have recently gained access to a bank account and a smart phone. Our hypothesis is that this combination becomes an important on-ramp for the broader suite of financial services (credit including mortgages, investments, insurance) that are relevant to people. What we found on the ground for now is a dogged duality – almost everyone we spoke to had a bank account (this would not have been the case even 3 years ago) that they opened either as a salary account or to facilitate remittances in the case of rural-urban migrants, but relied heavily on the informal sector (friends, family, chits) to manage their broader financial needs.

Should’ve, could’ve, didn’t (invest)

The apparent reasons for this duality are not surprising. We consistently heard that it is difficult to scale the relationship with the bank beyond the savings account. While there is a strong desire to save/invest for long-term goals, there are no good solutions to solve for challenges around income volatility (a few people spoke to us about lapsed LIC policies due to inability to make regular payments) and behavioural aspects (illiquidity preference, mental accounting). Talking about investments evoked considerable feelings of “FOMO” amongst everyone – everyone had a sense that they may be leaving money on the table but were not comfortable approaching banks with their questions. Interestingly, there doesn’t seem to be a clear “action point” or “go-to brand” when it comes to figuring out investments, people talk about the market as a whole or in abstract concepts. A notable exception was a lady tailor in Delhi who asked us how she could get in on the Bitcoin bandwagon! By and large, LIC endowment policies are the way people invest for long-term goals. This is also true of educated, new-to-the-workforce millennials who follow parents’ advice on investments. The LIC ecosystem doesn’t seem very inter-operable for migrants. People routinely spoke about going back to their villages to make payments[iii].

We asked people specifically who they turn to for advice if they received an unexpected bonus or extra income. This always led us in the direction of some member in the extended family who was relatively speaking better-off and seemed in control of his (in all cases, a man) finances. There was blind faith in these trusted advisors. One young respondent who worked in an IT firm in Bangalore had signed up for unit-linked plans with ten year lock-ins on the advice of his uncle in Patna.

Almost everyone we met had a smartphone and was an active user of whatsapp, FB and Youtube. While the educated, urban respondents used the apps of their banks typically for checking balances and Paytm for sending friends money and bill payments; there was no dominant financial app being used in an integrated manner.

Opportunity for a new, customer-centric architecture

One upshot of all the technological innovation in finance in recent times is a significant reduction in fixed costs & entry barriers. In India, we have identity-as-a-service (Aadhaar), KYC as a service (e-KYC) and payments as a service (UPI) that is already catalyzing a remarkable number of start-ups who are specialized and are innovating at the application layer. Experts[iv] in this space have already predicted the “unbundling and re-bundling” that is likely to occur in retail financial services and the emergence of new players and value propositions. Banks are unlikely to be able to serve this newly banked customer base effectively given the continuing challenges with cost-to-serve. This was clear to me when I was at a panel recently with Mr. P.N Vasudevan of Equitas Small Finance Bank. He noted that their liability customers are completely distinct from their credit customers because of the need for minimum balances in the former and this is a bank whose ethos is deeply about frugality and has a ready base of millions of micro-customers.

The early wave of business models among fin-techs, however, continues to be product-driven (digital credit, digital investment platforms) while leveraging the digital infrastructure for efficiencies. However, for the generation of customers who are new to the formal system, the product lens is not intuitive and often, drives them back to familiar arrangements of friends and informal channels.

In our view, what would be transformative is a proliferation of segment-specific (students, free-lancers, migrant) interfaces and solutions that enable the on-ramp from the bank account to the broader universe of financial services. Automated savings apps such as Digit are a good example of this. A deep understanding of the needs of the customer, converting that into a meaningful and trusted solution and getting interface design right will matter a great deal. Building trust is also obviously a big factor when going beyond credit and small-value payments. Despite poor service and experiences, people repeatedly go back to Public Sector Banks and LIC because of the sense that their money will be fundamentally in safe hands[v].

Watch this space for further updates on our own work on this front.

[i] All respondent names have been changed

[ii] This is joint work by Dvara Research and Pensaar Design. A lot of my thinking on this topic was triggered during a recent stint as an entrepreneur-in-residence with the Omidyar Network

[iii] One merchant we met told us that LIC APIs are not available for integration with third-party platforms such as remittance service providers.

[iv] https://www.omidyar.com/blog/now-fintech-has-unbundled-our-financial-lives-can-it-re-bundle-them

[v] Separately, the virtue of Public Sector Banks being focused on providing access to savings and term deposits and limiting the asset side of their balance sheet to rated debt securities and government securities (https://www.bloombergquint.com/opinion/2017/10/09/do-indias-weak-banks-need-a-stronger-dose-of-corrective-action) needs to be seriously explored.


Harms to Consumers in a Modular Financial System

By Beni Chugh & Nishanth K, Dvara Research

This post is part of our blog series on the Conference on Designing Regulations for a Rapidly Evolving Financial System hosted by Dvara Research (formerly known as IFMR Finance Foundation).

In the previous blog posts, we discussed what we mean by Modularisation of financial services, and we looked at the strategic evolution of business models in order to efficiently deliver financial services to benefit consumers in a modular world. However, it is necessary to balance this promise of efficiency in a modular financial system with the potential risks that could manifest. In this blog post, we explore the potential concerns for consumer protection regulation that have emerged directly or indirectly as a result of Modularisation. The unbundling of the processes associated with the manufacturing and distribution of financial products may amplify existing consumer risks as well as create new risks and harms to the consumer. In India, the typology of consumer harms in financial sector is informed by the Financial Sector Legislative Reforms Commission[1]. The understanding of harms is founded on the premise that a consumer has some rights and that the infringement of these rights has a negative consequence for the consumer, which we understand as ‘harm’. FSLRC identifies the following consumer harms:

  • Unfair conduct
  • Unfair contracting terms
  • Inadequate disclosure
  • Inadequate redress
  • Unsuitable advice

The challenge facing regulators and policy makers today is to anticipate and guard against new kinds of consumer harms that could be caused by Modularisation, while also ensuring that existing harms from traditional models are not amplified and are brought under control. In particular, the use of digital technology for delivery of financial services which catalyses the trends of disintermediation in financial services, creates new harms for the consumer. Below, we elucidate these specific harms:.

  • Harms due to technology failures: Given the amount of data collected, stored and transmitted digitally in the payments process, there is an increasing threat of security failures which may result in financial or data loss. The absence of hardware checks for mobile phone handsets or universal regulations limiting pre-installed applications on mobile phones opens up the possibility for phones manufactured in other countries becoming hotspots for data theft and spyware.
  • Harms due to inadequate redressal: Modularisation increases the number of firms involved in a financial transaction. A modular financial system with several players working together to provide financial products and services would mean that there exists a variety of different consumer touch points for the delivery of the product. It would also be the case that several institutions would play a role in the design and delivery of the product. This would create an ambiguous environment for the consumer to identify which institution he or she must approach for redressal[2].
  • Harms due to Obsolescence: With this rapid pace of innovation comes the threat of obsolescence—both of hardware and software technologies—that users require to access services. Obsolescence may create a barrier to service delivery by excluding certain consumers from access. It could also disrupt service delivery to existing customers from incompatibilities that arise following technology upgrades. This creates additional costs for the consumer.

By harvesting data where traditional data is absent, the new ‘modular’ businesses are being able to tap market segments that were previously untapped or underserved. In order to fully understand the implications of data driven models for consumers, it is important to understand the working of these data-based businesses. One particular case indicates how data driven models could harm consumers. In 2015, a study pointed out that the price of The Princeton Review’s Online SAT programs differed according to the ethnicity of the consumer[3]. Asians were being systematically charged twice that of the American consumers, and the customer profiling was based on zip-codes. This presents a new harm of discrimination, raising important public policy concerns. While discrimination is a consequence of the algorithmic ability of businesses to efficiently segment populations, the sheer handling of large sizes of personally identifiable information itself, could be a source of harm. We classify these harms as follows:

  • Harms from Market Exclusion: Though alternative data today is enabling financial inclusion where traditional data does not exist, the unanticipated aggregation of person’s data from multiple sources to draw adverse conclusions about the individual poses a real harm. For instance the possibility of financial exclusion due to new data practices can lead to market “segmentation” or “customisation”. This could systematically prefer one segment and unfairly discriminate against the other.
  • Harm to individual liberty: Even when the access to big data is authorised, personal and sensitive information like geolocation or political affiliation could be used to the detriment of the individual. This is especially plausible in jurisdictions where data processing laws are not transparent enough or the rule of law is not strong enough.
  • Harms due to untested design of algorithms: Decisions based on untested algorithms could well be inaccurate or unfair. Algorithms typically work like black boxes and often result in unknowable conclusions which may lead to bad outcomes for consumers of businesses using such algorithms.
  • Privacy Harms: At the level of the individual, the interconnectedness of data sets increases the risk of unauthorised use of personal information like biometrics.
  • Harms due to the ability to differentiate: The extreme efficiency of big data to differentiate among individuals can jeopardise important social benefits. For instance the ability to distinguish between individuals based on their susceptibility to health issues and systematically excluding them from insurance products could attack the foundation of risk-pooling itself. This will leave the most vulnerable individuals out of insurance markets, an outcome that societies do not desire.
  • Harms due to constant surveillance: Constant surveillance is known to reduce the ability of humans to engage in independent, creative and innovative thoughts.
  • Harms due to permeable group privacy: Though some people in a group may seek to maintain their privacy, their privacy could still be breached because individuals similar to them have revealed their preferences. The ability of big data to analyse and infer can lead to weaker privacy for even those individuals who value it more than the rest.

A better understanding of these harms is necessary for us to better inform policy and regulation for consumer protection. While the potential benefits of Modularisation in financial services to the consumer and emerging businesses are widely acknowledged, it is quintessential to balance them against the risks posed to the consumer. In the next post, we shall look at concerns that Modularisation raises for prudential regulation.

[1] MoF (2013), “Financial Sector Legislative Reforms Committee (FSLRC) Report”, Ministry of Finance
[2] Modularisation further bolsters the argument for the creation of a cross-sectoral Financial Redress Agency as an exponential growth in complaints is likely to be happen. This agency should be able to overcome inter-regulatory challenges and regulatory blind-spots in harmonising consumer protection rules and rights along with the legal capabilities to enforce punitive sanctions on market participants.
[3] Vafa K, Haigh C, Leung A, Yonack N. Price Discrimination in The Princeton Review’s Online SAT Tutoring Service. Technology Science. 2015090102. September 1, 2015. (https://techscience.org/a/2015090102)


Mapping Modularisation in the Financial Services Industry

By Nishanth K & Madhu Srinvas, Dvara Research 

This post is part of our blog series on the Conference on Designing Regulations for a Rapidly Evolving Financial System hosted by Dvara Research (formerly known as IFMR Finance Foundation).

In a previous post of this series, we introduced the recent trend of ‘Modularisation’ that formed the basis for the deliberations at the third Financial Systems Design Conference. Moving away from the traditional model of service delivery where financial institutions perform all the functions associated with the delivery of a product to a consumer, the trend of Modularisation has seen the emergence of specialist institutions that perform only a subset of the universe of functions that were traditionally performed by a single financial institution, and many such specialist institutions together combine to offer a financial service to the end-customer. It is to be noted that Modularisation goes beyond the use of specialised intermediaries for certain functions such as cash management or loan sourcing, which is common practice in traditional financial services delivery. For instance, the sale of a credit product may now involve online aggregator platforms that create and manage the relationship with the consumer. Borrower verification and risk assessment may involve multiple firms such as credit information companies and data analytics firms. Product design may involve a lending institution with specialised knowledge of the particular customer segment and an eventual financial institution that aggregates the risk and provides the balance sheet resources. This presents new opportunities for consumers and new entrants while introducing new challenges for incumbent institutions as well as for the regulators overseeing the functions under question.

Strategic Evolution of Business Model Archetypes

Modularisation has brought in its wake disruptions to traditional business models in financial services. This is due to:

  1. The decoupling of manufacturing and distribution functions and the creation of marketplaces that move away from one-to-one to many-to-many principal-agent relationships;
  2. The embedding of financial product delivery into both offline and online real sector businesses, resulting in the blurring of the lines between financial and non-financial service delivery.

One of the ways to understand Modularisation in financial services is to segregate the functions of a financial service provider into two broad categories: Product Creation and Product Distribution. We visualise this distinction by classifying the emergent business models into four categories, as described in the Report[1] by Oliver Wyman titled “Modular Financial Services: The New Shape of the Industry”.

Source: Oliver Wyman

  1. Vertical Integrator – This category represents a fully integrated institution which handles all functions from product creation to the delivery of product and its servicing. Universal banks are an example of a vertical integrator.
  2. Component Supplier – This category represents institutions that design the financial product but distribute through third party institutions. A typical example is a bank using business correspondents to originate loans.
  3. Demand Aggregator: A business correspondent is a typical example of a demand aggregator. It distributes products and services which are designed and manufactured by another institution.
  4. Platform Provider: In a fully modular environment, a platform provider links customers to multiple suppliers. The tasks involved in the manufacturing and distribution of financial products are performed by a variety of specialist firms. The platform provider links firms providing various functions such as product design, risk analytics, back-office operations, payments, balance sheet management and so on to cater to the end customer.

The Component Supplier and Demand Supplier models have enabled the embedding of financial products into the retail commerce sector. These modularised models of finance enable the sale of credit and insurance products along with the sale of goods on platforms such as e-commerce websites. A typical example of a platform provider in India would be an e-commerce platform such as Flipkart or Amazon that enables the sale of credit products along with the sale of retail merchandise. This integration allows the consumer to avail extremely customised products through a seamless delivery experience.

To set the context for the Conference, Duncan Woods, Partner at Oliver Wyman, led the introductory session on mapping this recent trend of Modularisation (See video below). He also covered business models that are shaping the ‘modular’ financial system and elaborated on their potential in serving the un/under banked segment.

Benefits to the Consumer

There are several factors that have motivated the trend of Modularisation in the financial services industry. Most important among these, is that Modularisation of financial services will potentially benefit the consumer in multiple ways:

  • Providing convenient and efficient services:. The emergence of the digital medium as a powerful channel for the delivery of financial products has enabled the consumer to have access to financial products offered by a multitude of providers. Firms such as e-commerce websites and social networking sites are now leveraging their existing relationship with the consumer to provide financial products. Service providers are now able to access relevant and clean sources of data on consumers through APIs which are enabling the provision of easier and more targeted and customised services. This availability of on-demand and holistic financial services through digital channels is allowing these newer firms and channels to challenge the traditional brick-and-mortar banking model.
  • Enabling access to customised products at reduced costs: The unbundling of processes involved in completing the delivery of a financial product has provided financial institutions the choice of employing specialised institutions in a manner that significantly reduces operating expenses. This, coupled with existing cost-effective and scalable technologies in financial services, is bringing down the costs associated with the delivery of products. For instance, in the case of credit, online origination platforms are able to reduce loan processing and underwriting costs. This may enable financial services providers to offer smaller-value loans to households and small businesses in a more cost-effective manner. This may permit better alignment of products to the preferences of these consumers.

In subsequent posts, we explore challenges for regulation in a modularised world.

[1] Modular Financial Services: The New Shape of the Industry, Report by Oliver Wyman, 2016 (http://www.oliverwyman.com/content/dam/oliver-wyman/global/en/2016/jan/OliverWyman_ModularFS_final.pdf)


Designing Regulations for a Rapidly Evolving Financial System – Financial Systems Design Conference 2017

By Nishanth K & Madhu Srinivas, Dvara Research 

Dvara Research (formerly known as IFMR Finance Foundation) held its 3rd Financial Systems Design Conference on August 4th and 5th, 2017 in Chennai India. The two-day Conference brought together a carefully curated group of regulators, academics and thought leaders in financial services to examine the trend of Modularisation and its implications for regulation design for the Indian Financial System.

Modularisation is defined as the unbundling of the financial services value chain into different modules. Traditionally, financial services industry has been populated with institutions that perform all the functions associated with the delivery of a product to a consumer. From the on-boarding of the customer to the delivery and servicing of the product, a majority of, if not all, the functions associated with the sale are performed internally within an institution like in the case of full-service banks.

The recent trend of firms engaging in only a specific part of a financial transaction typifies the growth of Modularisation in the system. In a modular financial system, each module contains a set of functions which may now be performed by different institutions. This allows specialised firms to combine their offerings together and provide a financial product to the end customer.

This unbundling of services could potentially benefit the consumer in multiple ways. However, regulation would have to evolve to mitigate any amplification of existing consumer risks as well as new risks to the consumer because of modularisation. Additionally the regulators would also need to be aware of the implication of modularisation on systemic risk.

Given the above context, the Conference hosted a set of sessions that covered a discovery of potential impacts, benefits and harms to consumers from Modularisation, as well as implications for prudential and customer protection regulations for the modular world, led by experts from India, US and Australia.

Conference Participants

The conference was structured in a manner conducive to addressing the following questions at its core:

  1. How Modularisation has been shaping, and could potentially shape the financial services industry?
  2. How should regulation respond to the trend of Modularisation?

The Conference yielded rich discussions and the participants identified several interesting issues and priorities for the Indian financial system. The Conference website contains the agenda and the profiles of participants. We will be in the coming days releasing the conference proceeds, and through a series of posts detail the insights that came out of the discussions at the conference.