A Guide to Assessing and Implementing the Universal Standards for Social and Environmental Performance Management

Dimension 4 - Client Protection

Client protection is the minimum standard for all responsible financial service providers. The standards in this dimension ensure that the financial institution has the practices and systems in place to prevent harm to their clients, while those clients access and utilize their financial and non-financial services. Institutions that seek to create benefits in their clients’ lives must first ensure that they do no harm, and it’s their responsibility to prevent it.

Important note: the Client Protection (CP) Standards that are used for CP assessments and Certifications are not limited to this Dimension and are composed of Essential Practices and Indicators across other dimensions of the Universal Standards as well. Please refer to the Client Protection Standards Manual to see a full list.

Dimension 4 includes five standards:

Standard 4A. The provider does not overindebt clients.

Providers are responsible to take adequate care in all phases of their credit process to determine the clients’ repayment capacity and provide credit within this capacity such that clients can repay without risking of becoming over-indebted. In addition, providers implement and monitor internal systems that support prevention of over-indebtedness and foster efforts to improve market-level credit risk management (such as credit information sharing/reporting).

This standard has 2 essential practices:

4.A.1 The provider makes loan decisions based on a client's repayment capacity.

Your institution should have policies that define each step in the loan analysis and credit approval process. In your effort to prevent client over-indebtedness, the policies that guide field staff are your most important tool. Make sure that field staff not only know the procedures but understand why over-indebtedness is dangerous for clients and bad for their own portfolios. For more information about the causes of over-indebtedness and the consequences for clients you can read the field example below on Musoma and these market level studies:

Resources for essential practice 4.A.1
Implementation for essential practice 4.A.1
Loan approval
  • Define the maximum percentage of a borrower’s disposable income that can be applied to debt service, including debt from your institution. Loan officers should not recommend a loan amount that exceeds the maximum debt threshold for the client. The amount recommended for the client should be based on the cash flow of the client’s household and business income, which was constructed during the repayment capacity analysis. Establish a maximum debt threshold up to 70% percent - where the percentage is calculated as a portion of the client’s monthly disposable income, e.g., installment/household surplus. The remaining amount (minimum 30%) is there to allow a safety net for the client in case of emergency expenses, or to account for approximation or errors in the cash-flow analysis, or for potential unexpected drop of income.  Use conservative criteria when information collected from the client is less reliable than usual, the client is new to the institution, market saturation is high, the institution is experiencing system-wide delinquency, and in other situations where the client may be more vulnerable to over-indebtedness.  
  • The benchmark used for the household surplus ratio generally increases for renewal loans, depending on the number of loans the client has with the provider, their other outstanding debts, and the client’s repayment history. For example, you may determine the threshold such that for the first loan this ratio must not exceed 50 percent, for the second loan 60 percent, and for all subsequent loans, 70 percent of the client’s monthly disposable income.
Cash flow analysis

The cash flow analysis should take into account business and household income/expenses and liabilities from all sources, including informal ones such as a loan from a neighbor. Include all household members in the debt assessment (e.g., a spouse’s loans outstanding), and count indirect debt as well (e.g., guarantees made for another person’s loan).  

In the credit policy, the institution should list the specific sources of income that can count toward the client’s total. For example, remittances may be a volatile income source in some cases (e.g., a relative living abroad has an informal job and sends variable amounts on an occasional basis)—in which case they should not count as income—or they might be relatively stable (e.g., a husband has steady employment and sends regular payments)— in which case it is likely safe to count the remittances as income. Provide explicit guidance on different sources and scenarios.

  • Enforce prudent limits for renewal in the case of early repayment. Require a “cooling off period”—a short break—between loans, to inhibit clients from using borrowed money in order pay loans early and also take on a larger loan. Such behavior increases the risk of over-indebtedness and gives the impression that the client’s credit history is good, when in fact s/he is borrowing to pay off loans rather than paying off the loans with the income generated form a productive activity.

4.A.1.1 The provider has a policy and documented process for loan approvals.

4.A.1.1.1 The percentage of a borrower's disposable income that can be applied to debt service may not be higher than 70%, including debt from the provider and other lenders.
4.A.1.1.2 Loan approval decisions are made by at least two people, one of whom does not interact directly with the client.
4.A.1.1.3 If a credit bureau exists, the provider reports client data to credit bureaus and uses credit reports in the approval process for loans.
4.A.1.1.4 If the provider offers group loans, either the provider or fellow group members conduct due diligence for each group member.

The details listed here indicate the minimum elements that constitute an appropriate loan approval policy. This policy will likely be the Credit Manual. The documented process will likely be the forms that loan officers fill to conduct the client underwriting. Any updates or reinforcements of the main policy document may be released as circulars, or memos,  and should be reflected in training materials.

For 4.A.1.1.1

The percentage of disposable income that can be applied to debt service is usually calculated as [installment amount] / [net monthly cash surplus] – the remaining amount (thus 30% minimum) is there to allow a safety net for the client in case of emergency expenses, or potential unexpected drop of income, but also to account for approximation or errors in the cash-flow analysis.

For 4.A.1.1.2

Loan decisions can’t be made by the loan officer himself alone. Since the loan officer collects the data and has the closet relationship with the client, there should be at least one other person involved in validating the client data collected by the loan officer and verifying that the capacity analysis calculations adhere to company policy.

For 4.A.1.1.3

If there is a functioning credit bureau in the country, it is absolutely critical for the FSP to consult the database for every single loan, and to report on every single client

For 4.A.1.1.4

Relying on group solidarity to disburse a group loan, is not sufficient and the same care should be taken for group loans as to ensuring that all group members have the capacity to repay their loan.

Scoring guidance

Detail 4.A.1.1.1:

  • The score is “Yes” only if 1) there is an explicit percentage of the client’s monthly disposable income that can be used for debt service (the installment amount), 2) based on the cash flow of the client’s household and business income.  
  • If the detail 4.A.1.2.1 that expresses what the cash-flow analysis includes, is scored “No”, or “Partially” then this detail should be scored accordingly “No” or “Partially”.

Detail 4.A.1.1.2

  • As long as there is one or more other people -who do(es) not have direct interaction with the client - involved in the loan approval process, this scores “yes”
  • In the case of an automated credit approval process, make sure that there is some kind of control involved on the data that is entered and used for approval.

Detail 4.A.1.1.3

If there is a functioning credit bureau in the market, but the provider doesn’t use it, this cannot be marked as “not applicable”.

If there are several entities providing credit reports, you should assess whether the one(s) the provider is using cover(s) the adequate market and risks.

Verify that the provider also reports regularly on its clients’ loans and payments. If not, then this is scored “partially”.

Assess whether the process and data is useful to prevent the risk of over-indebtedness. Eg: if the credit bureau database is updated only once in a while and doesn’t reflect the exact current outstanding loans a client may have, then this is important information to note, and could be scored “partially”.

Detail 4.A.1.1.4

There has to be some kind of individual repayment capacity analysis conducted for each group member level to score “yes” or “partially”. It doesn’t have to be as formal and detailed as for individual lending.

Sources of information
  • Credit manual, credit approval process
  • Loan process documents, client repayment capacity evaluation forms  
  • Training materials, circulars, handouts etc.
  • Interviews with Credit staff at various levels of the organization such as loan officer, branch manager, regional manager, Head of Credit/Operations etc.  
  • Branch observation - attend a client evaluation visit and a Credit Committee to see the content of discussions
  • Credit bureau process and its data accurateness
Evidence to provide
  • Specify the percentage of client’s disposable monthly income that can be used for debt service and cite the document name and page/chapter number where this information can be found.
  • Describe the loan approval process, how credit bureau information is included there and how relevant it is, and explain the Credit Committee composition and process

4.A.1.2 The provider conducts a cash flow analysis to evaluate repayment capacity.

4.A.1.2.1 The provider conducts a cash flow analysis that considers income, expenses and debt service related to business and family, and any other sources of revenue, including informal sources.  
4.A.1.2.2 The provider does not use guarantees, guarantor income, collateral, and/or insurance coverage as proxies for repayment capacity or as the main basis for loan approval.

Credit staff should assess client repayment capacity for every loan cycle, using a cash flow analysis and review of current indebtedness (formal and informal). To effectively carry out a cash flow analysis for every client, the field staff must understand what data to collect, how to verify it and cross-check it, to reach a realistic picture of the client’s disposable income.

The cash flow analysis is based on all the listed elements, consolidating both household and business flows, including any outstanding debt. It can apply conservative criteria, and should account for seasonality of cash flows.

The Credit Committee uses this analysis to approve the loan and to determine the appropriate loan size for that client. If the cash flow analysis is weak or unverified, the Credit Committee doesn’t rely on guarantees to approve the loan.

If due diligence is conducted by group members, groups are trained annually on how to conduct due diligence and the relevant loan criteria they should consider. For loans with a group guarantee, due diligence may be conducted by the provider or group members. For group loans without group guarantees, the provider carries out a repayment capacity analysis for each borrower.

Scoring guidance

Detail 4.A.1.2.1

To score “yes”, verify that cash flow analysis considers all of business and family sources of income and expenses, as well as debt towards others (formal and informal). It has to be refreshed at each loan cycle. If one element is missing, then it is “partially” compliant.

Detail 4.A.1.2.2

If the institution conducts a repayment capacity analysis, then this indicator can be scored “yes”, even if the analysis is deemed poor. The quality of this analysis is assessed in the above detail.

Sources of information
  • Credit manual and any additional materials that describe how to conduct a cash flow analysis and/or evaluate repayment capacity, and how guarantors and collateral are used
  • Interview with loan officers to verify their understanding of the repayment capacity analysis and the source of information
  • Review a sample of client files to verify the cash flow analysis and the weight guarantees
  • Branch observation –  
    • attend a repayment capacity evaluation visit at the client,  
    • attend a Credit Committee to understand how guarantees weigh in the decision
Evidence to provide
  • Verify a sample of the calculations of capacity analysis in a few client folders during the branch visits to ensure that the capacity analysis is complete, and the loan amount recommended is reasonable e.g., within the limits established in the policy.  
  • Ask field staff to explain you the calculations, to ensure they understand the data they need to gather and analyze.
  • Describe what matters in the Credit Committee decision making process

4.A.1.3 The provider's policy on loan prepayment specifies the conditions under which it is acceptable for clients to pay a loan early in order to take a new loan.

4.A.1.3.1 When the client applies for prepayment to get another loan, the provider specifies a time period and/or percentage of the active loan's principle that must be repaid before being eligible for a new loan.
4.A.1.3.2 When the client is taking another loan immediately after prepayment, the provider conducts a new cash flow analysis.

Prepayment (or anticipated payment) refers to the payment of the full outstanding amount of a loan before the end of the loan term, such as a client who has a 12 month loan term but wants to repay it in full by the 8th month. This indicator also applies to the refinancing of a loan.

The prepayment of a loan and the simultaneous taking of another loan can be a sign of debt stress from the client and can lead to over-indebtedness; it can happen that allowing clients to take ever increasing loans, which are used to pay off existing loans, leads to a vicious circle of debt that can cause dire consequences for the client and his/her household when the stream of credit is interrupted.

This is a risk, but it doesn’t mean that prepayment to take a new loan is necessarily a bad practice. Thus, the provider should ensure through adequate policy and conditions that loan renewals are carefully disbursed, with adequate safeguards, and that those loans are tracked in the MIS as new loans and monitored.

The details of this indicator provide additional guidance.

In order to prevent this type of behavior and the related debt stress for the clients, the institution should create a policy that encourages responsible behavior by the client that may seek a top-up loan i.e., prepaying the existing loan and immediately taking a larger loan. This policy should also be consistent with the standards on responsible pricing and fees. For example, if the client repays the loan early, they should not be obligated to repay all the interest they would have paid if they had held the loan for the full period of the loan term.  At the same time the institution should not make it too easy for the clients to obtain top-up loans as it is not a financially healthy behavior for clients to engage in, though it is common in many markets. Some institutions require a waiting period of a month or some shorter period of time between the pre-payment of one loan and the disbursement of a subsequent loan, in order to help reduce the use of new loans to pay off existing loans.

Scoring guidance
  • First of all, there must be a policy that defines the process and requirements in the event a new loan is issued after a prepayment. The policy must define 1) what conditions need to be met in order to pre-pay a loan and take out another loan and 2) what are the procedures that must be followed from the institution’s side in order to implement this carefully i.e., with an eye toward preventing client over-indebtedness.
  • The repayment capacity analysis is refreshed at each loan cycle to identify changes in the client’s situation. it is acceptable to take a new loan following an early repayment as long as the provider defines the conditions for prepayment including 1) criteria of time or principle repaid are set 2) a fully new analysis is performed, 3) those loans are tracked in the MIS as new loans and monitored."
  • There has to be at least one formal condition set by the provider to score “yes” on 4.A.1.3.1 .
  • If the provider's policy is that prepayment is not allowed, the answer is “NA”.
  • If prepayment is allowed and no cooling off period is required but in practice (1) all new loans need Management approval, or (2) no renewal loans are authorized during what would have been the original loan term, the answer can be “yes”.
Sources of information
  • Credit manual
  • Interviews with branch manager and credit officers.
  • Prepayment policy and/or credit renewal policy / refinancing policy
  • Review of a sample of client files who have prepaid and immediately renewed/ of refinanced loans
Evidence to provide
  • Describe the conditions that the institution has defined for renewal following prepayment, and/or for refinancing, and provide the policy name and chapter.  
  • Describe any safeguards the institution has put in place to help prevent over-indebtedness during this transaction, for example the institution may specify the maximum increase in loan size for a top-up loan by percent of the original loan.  
  • Describe the process that the institution uses in the event that the client requests pre-payment on his/her existing loan in order to take out a new loan, including whether a new cash flow analysis is conducted, when, and by whom.
Resources for indicator 4.A.1.3

4.A.1.4 If the loan approval analysis is done through an algorithm, the provider reviews how well the algorithm functions. Minimum frequency: annually

4.A.1.4.1 The provider reviews the effectiveness of the algorithm for predicting client repayment.
4.A.1.4.2 The provider checks its algorithms for bias against Protected Categories and corrects it as needed.

Now that many financial institutions are using algorithms to facilitate repayment capacity analysis, this increases dramatically the risk of over indebtedness for the clients that take credit approved through the use of these algorithms. This is mainly due to the fact that most algorithms are designed to evaluate the probability that the client will repay, not the actual capacity of the client to repay.

Because of this, it is very important that any responsible financial institution using an algorithm in place of a cash flow analysis and loan officer-based repayment capacity analysis, should ensure that the designers of the algorithm understand the financial institution’s mission and target clients prior to designing the algorithm.

The provider should also test the algorithm on a sample of existing client files to understand if the results of the algorithm are consistent with their previous repayment capacity analysis and how they differ and whether or not those differences are consistent with the FSP’s mission and social goals.

The details provide further guidance:

  • After a period of no more than 12 months, the FSP conducts a review of the effectiveness of the algorithm at accurately predicting which clients will be willing/able to repay their loans. It is important to conduct this review either in a pilot-test or promptly upon deploying a new algorithm or new criteria. To reduce the risk of clients suffering from significant debt stress.  If the FSP is switching from a cash flow-based repayment capacity analysis to an algorithm, it should also make sure to define specific monitoring indicators and red-flags to have early warnings of potential debt stress.
  • Since the algorithms used in credit decisioning usually use data mining and analysis of big data sets in order to develop its predictions for each client, there is a higher risk of unintentional bias in this process. The algorithms use criteria such as number of contacts in the candidate’s phone, or number of social media account and interactions as predictors of likelihood of repayment. For example if a gender divide exists in a certain country in terms of smart phone ownership and smart phone ownership is one of the criteria used in the algorithm, the algorithm may contribute to widening the gender gap in access to credit.
  • The International Labor Organization (ILO) defines Protected Categories as those characteristics of a person that cannot be used to discriminate against them for employment purposes, which include ethnicity, gender, age, disability, political affiliation, sexual orientation, caste, and religion.
  • The FSP should consider how the algorithm’s recommendations for credit approval and amount vary based on the gender and ethnicity of the candidates to see whether the biases of the algorithm’s designers or the selection of certain data inputs bears a risk of discrimination. If this type of bias is identified the FSP should work with its TA providers to reduce the amount and effects of bias in the algorithm over time.
Scoring guidance
  • If the FSP does not use an algorithm then this indicator is NA for not applicable.
  • If the FSP uses an algorithm, then the FSP should have conducted a review of how the algorithm works both prior to launching the new system as well as regularly during its period of usage, and at least in the last 12 months.  
  • It should evaluate the effectiveness of its credit decisioning algorithm, segmented by the characteristics of the vulnerable populations in the FSP’s local context e.g., indigenous, or rural or female etc
  • If any biases were detected in the review of the algorithm and its credit decisioning results, the FSP must work with the algorithm’s designers to reduce these biases as much as possible.
  • Whenever the algorithm is redesigned/modified in a significant way that should trigger an additional review.
  • If either one of these components are missing the indicator will be scored as “partially.”
Sources of information
  • Interview with the Head of Credit,
  • Interview with the Head of IT and other personal who were responsible for the design and roll out of the algorithm.
  • If the FSP hired an external firm to design the algorithm, the TOR for that work could be useful to review to know what parameters the TA provider was given for the design of the algorithm and whether any social considerations were taken into account e.g., avoiding bias in the algorithm due to type of data used etc.
  • If there is a report from the review of the algorithm’s effectiveness that will also be a useful source of information.
Evidence to provide
  • Describe how the algorithm was developed and reviewed
  • Provide the date of the last review, how often it is carried out, a description of the type of review that was conducted and by whom, and the outcome of the review.

4.A.2 The provider monitors the market and responds to heightened over-indebtedness risk.

Over-indebtedness is not an absolute level of debt but is commonly understood as a situation where a client has to make unacceptable sacrifices in order to repay a loan (see Box 14 for examples of these sacrifices). Management and board should develop a definition of over-indebtedness for your institution’s context (i.e., “what does over-indebtedness mean for our clients, and how do we identify it?”), and they should define indicators and benchmarks that serve as early warnings for over-indebtedness. Examples of such indicators include: PAR by product; number/ percentage of clients with multiple loans; number/percentage of clients repaying loans early; early repayment by product; calls on guarantees; delinquent loans; and client exit. In particular, the provider should track rescheduled loans, and produce reports at least monthly, as a rising number of rescheduled loans may reflect rising over-indebtedness.

4.A.2.1 Senior management monitors portfolio quality to identify over-indebtedness risk. Minimum frequency: monthly

4.A.2.1.1 The provider analyzes portfolio quality by branch, product, and client segment.
4.A.2.1.2 The provider tracks restructured, rescheduled, or refinanced loans.

Management should monitor the institution’s portfolio for potential over-indebtedness problems by analyzing the data and trends for the indicators that support your institution’s definition of over-indebtedness. They should also analyze credit bureau information at the aggregate level (if available) in order to make informed decisions about products, expansion, and targeting. The board should also receive and review portfolio reports at least quarterly.

Portfolio quality refers to non-performing loans, restructured/rescheduled loans, write-offs.

Examples of high-risk factors include: rising number of multiple borrowings, lack of effective credit bureau, high growth, high penetration rates of other FSPs, high competition, or growth models of geographic expansion vs. concentration, disaster situations, political conflict, major economic downturns.

When a risk of systemic over-indebtedness arises in the market, the institution should adopt risk mitigating policies, such as slower growth, more conservative loan approval criteria, or limits on total number of loans an individual can have at one time from multiple providers. And review the incentives schemes. (see more about this in Standard 6.A.2)

In addition, the provider should offer restructuring options to its clients, under condition, but as a relief of their debt stress. And in doing that, because this type of loans are offered to clients who experienced difficulties to pay back, it is critical to track them separately as a rising number of restructured loans may reflect rising over-indebtedness.

Definitions: The term “restructured loans” encompasses both rescheduled and refinanced loans. Rescheduled loans are loans whose term has been modified to permit a new repayment schedule, to either lengthen or postpone the originally-scheduled installments, or to substantially alter the original loan terms. Refinanced loans are loans that are disbursed to enable repayment of prior loans for which the client was unable to pay the scheduled installments. Refinancing comes usually with a higher amount than the outstanding previous loan due, to allow the client to relaunch its business with a fresh start.

Scoring guidance
  • The management must monitor the portfolio quality by all three criteria listed: 1) branch, 2) product, and 3) client segment. And it should discuss the data and trends at management meetings and use it for decision making to score “yes”. If any of this is missing, it’s “partially”.
  • If the management monitors portfolio quality (which is almost always the case) but management does not have specific indicators or discussions of what the portfolio quality data tells them about client over indebtedness, then the score will be “partially.”
  • The loan management system should also allow to track more specifically the status of restructured, rescheduled and refinanced loans and management should make decisions upon this analysis to score “yes”.
  • None of these details can be scored NA. If the institution doesn’t offer restructuring/rescheduling or refinancing options, then the detail is scored “No”.
  • Detail 4.A.2.1.2 should be consistent with 4.C.3.2.
Sources of information
  • Interviews with Head of Credit, regional credit managers
  • Interviews with the data analysis or Business Intelligence staff who analyzes the data and generates the reports for management.
  • The portfolio monitoring reports generated for management / MIS reports on restructured loans
  • The Restructuring/rescheduling/refinancing policy
  • Interviews with credit staff at various levels to determine what is the policy and what is the practice with regards to rescheduling clients’ loans.
  • The credit manual (or other document) that would contain the institutional definition of over indebtedness.  
  • The interviewer should also ask what steps, if any, have been taken by management to address any concerns raised by this type of analysis.
Evidence to provide
  • The description of the KPIs used to generate management’s monitoring reports, the frequency of these reports and by whom.
  • If applicable, the institutional definition of over-indebtedness, and the manual and page number where to find it
  • List which data is reported on, what the recent trend data shows, and how management uses this information.

4.A.2.2 The provider defines PAR levels that trigger additional internal monitoring and response.

The institution’s risk management department should verify compliance with credit policies and systems on a regular basis. Internal Audit or Monitoring should check that field staff execute accurate repayment capacity analysis and other over-indebtedness prevention practices, like credit history checks and accurate collateral valuation. Auditors or compliance officers should also visit a representative sample of clients each year to crosscheck compliance through client interviews. Pay particular attention to branches with high PAR or where other risk factors are present, such as high client exit rates, cases of multiple borrowing, or renewals after early repayment. Additionally, where group members are responsible for loan appraisal, this monitoring is essential to ensure that the system is working, and that social collateral is not masking poor credit capacity analysis.

The institution should define a threshold for PAR that prompts closer oversight from Operations, and Risk Management or Internal Audit if necessary, as well as recommended actions from Management to help identify if this PAR isn’t a warning sign of over-indebtedness.

Scoring guidance
  • To pass this indicator the provider must 1) have a clearly defined level of PAR past which additional monitoring take place and 2) rising PAR must actually generate a response from management and 3) response from management must address the problem and try to identify its origins and generate solutions.
  • If PAR reports are generated, but exceeding the limit hasn’t triggered an action, then this is scored “no”.
Sources of information
  • Interview with operations
  • Operational document (policy, manual, procedure, memo or circular) that defines the PAR threshold
  • Interview with Internal Audit, Risk management
Evidence to provide
  • Provide the source that specifies the PAR level that triggers action and what that institution’s response entails.

4.A.2.3 If the provider's total credit risk has averaged more than 10% during any quarter in the past three years, the provider has taken corrective measures.

Total credit risk is calculated as : total PAR30 + 12 sliding-months write off ratio + all rescheduled/restructured/refinanced loans, and should not exceed 10%.

If total credit risk has averaged more than 10% during any quarter in the past three years, the institution should put in place corrective measures to reverse the trend. In the case of declining portfolio quality linked to client non-repayment, consider whether one or more of the following corrective measures is appropriate:  

  • Conduct a portfolio audit to understand the issues;  
  • Reinforce compliance, internal controls, or audit checks on lending practices;  
  • Reinforce training of field staff on repayment capacity analysis;  
  • Reduce amount of lending until the PAR can be brought under control; and/or  
  • Increase measures to monitor context risks that can impact delinquency (political activity, non-repayment crises in neighboring financial institutions, etc.).
Scoring guidance
  • The analyst will look at the institution’s financial reports to track credit risk over time and ensure that either it is 1) less than 10% in every quarter for the last 3 years or that 2) if credit risk has been more than 10% in any quarter for the last three years, that management has implemented actions to reduce it and those actions have been in place for at least the past two consecutive quarters.
  • In times of crisis (eg: covid) it may be understandable that credit risk exceeds 10%, but corrective actions should be clearly demonstrated for a full score “yes”.
  • If you only use/have year-end credit risk data, or if you aren’t able to have a write-off ratio over 12-sliding months, this is not sufficient to score “yes”, and should be scored “partially”.
  • This indicator can be scored “NA” only if there is clear evidence that credit risk has not exceeded 10% in any quarters of the past 3 years.
Sources of information
  • Recalculate credit risk on a quarterly basis, using this definition
Evidence to provide
  • A statement about whether total credit risk has averaged more than 10% during any quarter in the past 3 years and if yes, what the provider has done to address and improve this situation.  
  • Explain any extenuating circumstances that would have triggered a sharp rise in PAR, such as the pandemic, a coup, hurricane etc.

Standard 4B. The provider gives clients clear and timely information to support client decision making.

Providers communicate clear, sufficient, and timely information in a manner and language that clients can understand, so that clients can make informed decisions. The need for transparent information on pricing, terms, and conditions of products is highlighted. The institution must ensure that clients understand the information disclosed.

Resources for Standard 4B

This standard has 2 essential practices:

4.B.1 The provider is transparent about product terms, conditions, and pricing.

Transparency on product information is vital for client understanding. When clients understand the products they are buying and using, they are more likely to use them successfully. Client success is a major determinant for the health of your portfolio. Furthermore, client understanding helps build confidence and trust in your organization.90 Table 25 lays out transparency policies for four products.

When providing the information listed in the Transparency Policies and Procedures for Four Products table, observe the following practices:

  • Write product contracts in simple language. If you are required by law to use technical language, then ensure that your Key Facts Document  is written in simple language. Do not use illegal clauses. Do not use fine print.
  • For loans with a group guarantee or a guarantor, clearly define member and/or guarantor obligations, and communicate these to group members and guarantors in a way they can understand.
  • If the loan has a variable rate and/or is denominated in a currency different from the main currency of the client’s source of income (e.g., the client earns income in pesos and the loan is in USD), clearly explain pricing and cost scenarios to the client, including a pessimistic scenario in which exchange rates change and the loan is not worth as much money.
  • For clients using payment services, make sure that the documentation that lists all fees, terms, taxes, and cancellation conditions is provided at your agents’ locations where they facilitate payments. Such services include money transfers, bill payments, airtime top-up, and deposit withdrawal.
Resources for 4.B.1

4.B.1.1 The provider gives a Key Facts Summary Document to borrowers. The document contains the following information:

- Total loan amount
- Pricing, including all fees
- Total cost of credit: all principal, interest, and fees plus cash collateral
- Disbursement date and loan term
- Repayment schedule with principal and interest amounts, number, and due dates of all repayment installments
- All deductions from principal disbursement (e.g.: first installment, commissions, fees, cash collateral, taxes), if applicable
- How cash collateral / mandatory savings can be used in case of default, if applicable
- Moratorium interest rates, terms, and conditions, if applicable

The contract should always come with a one to two pages summary of the most important information, called the Key Facts Document, to summarize in an easy to find and easy to understand format the main information pertaining to the client’s loan. The Key Facts Document should be written in the local language and use simple forms of expression to convey the most important aspects of the loan in a way that clients with low levels of both literacy and financial literacy can understand and refer to in the future.  

Scoring guidance
  • Review a sample loan contract, and the key facts document,  
  • If the Key Facts document is missing any of the 8 items listed above the answer for this indicator the score is “partially”, and “No” in Certification.
Sources of information
  • Client contract, Key Fact Document, client welcome kit, in template form or filled out for a specific client.  
  • Branch Observation : Observe/listen to a disbursement speech and review any welcome kit materials that may be provided to clients in the moment of disbursement to see how this information is conveyed orally to clients who may not be literate or who will benefit from an oral reinforcement of the information contained in the Key Facts Document.  
Evidence to provide
  • Reference to the Key Facts document  
  • Determination by the analyst about whether the Key Facts document contains all the needed information (listed in the indicator) and/or what information is missing.

4.B.1.2 Loan contracts include the following information, as applicable to the product:

- Grace period
- Mandatory savings / mobile wallet amount
- Automatic account debiting mechanisms
- Linked products
- Member or guarantor obligations
- Collateral requirements and seizing procedures
- Consequences of late payment and default
- Prepayment conditions: whether it is possible and how it affects the cost
- Whether terms and conditions can change over time and how that would affect client

The loan contract should be written in the language that the clients speak and should be as short and simple as possible given the legal requirements of the country. The contract should be filled in completely and a copy of the contract signed by both sides should be given to the clients for their records. It should also contain all the necessary information on the topics listed above so that the client can fully understand their obligations and make informed choices.

"Consequences of late payment" refers to the penalties clients would pay, as well as the process the provider would take in case the client doesn’t pay on time (eg: phone call, visit after x days…). “Prepayment conditions” and “how it affects the cost” refers similarly to penalties clients would pay.  

Scoring guidance

Review a sample loan contract and check off each of the items that are listed in the indicator above. Only if the FSP does not offer one of these items e.g., grace periods, can it pass this indicator while leaving an item out of the contract.  

Sources of information
  • The loan contract for each of the FSP’s main products.  
  • Review a sample of client files to verify this is uniformly implemented  
Evidence to provide

Description of the loan contract, how it differs by product if applicable, and which items are included in the contract and which are absent.

4.B.1.3 Loan contracts are available in the major local languages.

  • If the country has multiple official languages then the FSP should have contracts available for clients in each of those official languages.
  • If the clients speak one language and read another (because their native language does not have a written form) then provide the contract in the language that most clients know how to read.
  • If the clients speak and read a language that is not an official language of the country but is the language that many clients speak and read, then provide the contract in that language.

The goal is to make the loan contract accessible to the clients by sharing information in a way that they can access and understand.

Scoring guidance

If the loan contracts are provided in the language(s) that most of the clients speak/read and/or the FSP provides contracts in all of the country’s official languages than the score is “Yes”.

Sources of information
  • A review of the loan contracts
  • Interviews with the field staff to understand the languages utilized by the FSP and the clients for both writing and speaking.
Evidence to provide

Description of which languages the clients use and what languages the contracts are offered in as well as any activities the FSP does to help make the contract accessible.

4.B.1.4 The provider communicates product information in a way that supports informed decision making by clients.

4.B.1.4.1 The provider publishes basic product information, including pricing, at branch or agent locations, or digitally as applicable.
4.B.1.4.2 The provider communicates APR/EIR (or MPR if the majority of loans are under 3 months) in the Key Facts Summary and/or the loan contract.
4.B.1.4.3 The provider's communications are in simple local language; oral information is used for less literate clients.
4.B.1.4.4 The provider's marketing materials do not deceive or mislead clients.

The FSP has to give sufficient clear information at the right time to facilitate informed decision making. For example, if the welcome kit contains detailed and clear descriptions of the product’s terms and conditions but the client only receives it after they sign the contract then the information is clear and sufficient, but it is not delivered at the right time.

The client must receive the information before they sign the contract, and they must have as much time as they desire to review the information prior to signing the contract. Ideally the client is the one to decide when to approach the FSP in order to proceed with the process of committing to a product after they have had enough time to review the information and consult with any trusted advisors. They should have at least 24 hours to review the information unless the client himself prefers to move ahead with the process faster.

Employees should be trained to discuss terms and conditions with clients on several occasions during the product sales and application process. Staff should know how to evaluate client understanding, for example, using a set of conversational questions that can indicate to the staff whether clients understand the information that has been shared with them and are able to apply it as they use their financial products. If the country is very linguistically diverse (e.g., India, Guatemala) than the FSP should make an effort to address that linguistic diversity in a pro-client way such as by hiring loan officers that speak the indigenous languages of the clients and can explain the official documents in those indigenous languages. The FSP may also offer recordings of an explanation of the loan terms or Key Facts Document in various indigenous languages and post those recordings in places accessible to the clients e.g., on TVs in the branches or through the FSP’s App etc.

The provider should make the main characteristics (e.g., loan term, range or maximum loan amount, price, product purpose, terms etc.) of its products available to the public so that potential clients can make informed decisions about whether or not to buy the product. Prices should be published in the public domain (e.g., branch poster, website, agent’s shop etc.), and disclosed using either APR or EIR. In addition to quoting the interest rate in APR or EIR, it is useful for clients to see the interest rate in the form most often used in your market (e.g., flat rates in MENA, CAT in Mexico, TCEA in Peru, TEAC in Bolivia, etc.). Other forms of communication include radio, SMS messages, in App notifications, product descriptions, and television, illustrative examples of calculation on the website or mobile App if applicable,. This information should be published in all the places where clients go to receive information about the products on offer, for example if the FSP has branches, agents, and an App it should offer this information in all of those places. If the FSP does not have one or more of those venues for its clients e.g., fintechs that only have digital operations, then the FSP should offer the information through the channel it uses to communicate with its clients, such as the App.

The FSP should have a clear and specified procedures for treating illiterate clients and employees should receive a training on how to communicate the information with all types of clients.

The FSP should use the simplest language possible to convey the information about its products to the clients, in deference to their often low levels of literacy and financial literacy. There should always be an option for the clients to receive a through oral explanation of the products in case they are illiterate, such as a hotline, a customer representative at the branch, their loan officer, or a video recording. The information made available to the public should be useful for client decision making, accurate, and advertisements should not be misleading. Pricing data is updated in all public material, and terms and conditions are accurately presented.

Scoring guidance
  • The information must be 1) clear 2) sufficient (it covers all the necessary topics listed in 4B1.1 and 4B.1.2) 3) accurate and up-to-date and 4) timely (delivered with enough time before they sign the contract for them to consider the terms and their other options) in order to support informed decision making by the client.  
  • If any one of those criteria are not met the FSP will not pass the indicator.  
  • As long as the provider publishes accurate and up-to-date product features, including pricing, on at least two public facing places (e.g., branch banner and in App) it can pass detail 4.B.1.4.1
  • For detail 4.B.1.4.2, the provider must disclose either APR or EIR in its Key Facts Document and/or the loan contract. Disclosing the price in just the local version is insufficient, for example if the brochure says that the price is 2% per month and does not list the APR, then it cannot pass this indicator.
Sources of information
  • Branch observation: the analyst will observe/listen to a disbursement speech and review any welcome kit materials that may be provided to clients in the moment of disbursement. The analyst will also need to visit agents or POS if applicable. Additionally, the analyst should listen to how branch staff and loan officers talk to clients and answer their questions to ensure that the oral communications also meet these criteria.
  • Ask field staff during interviews how most clients receive their information from the FSP and check all the places where the staff say that they publish this information to verify that in fact it is publicly available, in an appropriate language, and sufficiently complete and up to date to be useful.
  • All publicly available product descriptions e.g., flyers, banners in the branches, website
  • Review of product application form, contract, the main product brochures, the information visible in the branches, the key facts document, the mobile app, the website...  
  • If the provider uses a digital means such as website or App, the analyst must request information on what percentage of the population, and the clients have access to those channels. For example, if the information is on the website but only 5% of the country’s population has access to the internet that is not a client facing channel. Likewise, if the App contains very clear and detailed information but only 3% of the clients have downloaded it, that is not sufficient disclosure.  
  • The procedures for treating illiterate clients and the training that employees receive in this regard,
  • Loan officer training materials that describe how field staff should disclose product information to clients, any policy on transparency that may be included in the credit manual or another manual, potentially a documented process for communicating pertinent information to clients.
Evidence to provide
  • What type of information is provided and when is it provided, as well as a determination by the analyst on if the information provided meets the criteria of being clear, sufficient, accurate and timely.
  • Demonstration that price information is publicly available and accessible to clients, and up-to-date.
  • Description of which pricing information is included and in which documents.  
  • A description of the channels of communication that the clients can use to receive an oral explanation about the products on offer.
Resources for indicator 4.B.1.4.
Resources for detail 4.B.1.4.2

4.B.1.5 If the provider uses agents, it verifies that they provide to clients sufficient documentation of their fees, terms of service, and cancellation conditions.

Especially when agents are the only representatives of the FSP that the clients interact with and especially if the agents can conduct sales for the FSP’s products, then it is necessary that the agents provide the same level of information and transparency for the clients on their financial products and services that they would receive from the FSP itself. The FSP should have a process to monitor the quality of the services provided at its agents that is conducted periodically by Customer Service or Internal Audit or Monitoring staff.

Scoring guidance
  • The analyst needs to 1) verify that the FSP’s agents provide “sufficient documentation” to the clients on 2) a consistent basis.  
  • Ideally the analyst will check that the documentation is sufficient i.e., it is clear and complete and offered at the right time to help clients make informed decisions. Since documentation implies written materials, 3) the agents should offer oral explanations of the information in this documentation for those clients who may be illiterate.  
  • To understand if this type of information is offered consistently the analyst needs to verify that 2a) the FSP has a way to monitor compliance with this practice. The analyst should also 2b) observe in person in the field the way in which agents give information to clients to see if it adheres Recommendations column.
Sources of information
  • Any policy documents or contracts that govern the relationship between the FSP and its agents and describes the transparency practices and information sharing expectations that the FSP has with regards to how the agent interacts with its customers.  
  • Agent Monitoring process
  • Field observation of agents’ interactions with clients.  
  • Interviews with monitoring staff that visit agents and ensure they are complying with the FSP’s expectations.  
Evidence to provide
  • Reference the sections of the contracts or policy that describe the FSP’s expectations regarding the agents’ disclosure of information to the clients.
  • Describe the system of monitoring that the FSP has in place to ensure compliance with good practice among its agents.

4.B.1.6 If the provider offers savings, documentation includes the following:

- Fees, including closure fees
- Interest rate and how amounts will be calculated
- Minimum and maximum balance requirements
- Whether deposits are governmentally insured

Transparency is important in all products, including savings and deposits, even including compulsory deposits and guarantee deposits held by the financial institution as part of the guarantee for the client’s credit product. The client has the right to know about the terms and conditions of the savings account and any fees or interest associated with the use of the account. (eg: closure, withdrawal, below min balance, inactive account fees etc....).

How amounts are calculated refers to what basis is used for the interest rate calculation, such as daily balance, or average balance over a given period etc…

In some countries, there is a regulatory requirement for FSP’s to insure their deposits; in the event of a crisis, or of the institution’s bankruptcy, clients would still recover their deposits, usually up to a certain amount.

Scoring guidance
  • If the FSP does not offer savings or deposits, then this indicator is NA.
  • If the FSP does offer savings or deposit or current accounts, then the disclosure of information to the client about that product must include all 4 pieces of information, where applicable.  
  • If any of these 4 pieces of information is applicable but missing, or if it is not in the product documentation provided to the client, the answer is partially,
Sources of information
  • Saving contracts \ products descriptions
  • Client interviews to verify their understanding of the terms and conditions
  • Interviews with the concerned staff, e.g., agents, savings product manager etc.
Evidence to provide
  • Reference of the documents provided to clients  
  • Description of which information is included and how it is disclosed to the clients

4.B.1.7 If the provider offers payments, it gives the following information to clients who are initiating or receiving money transfers, or using other payment services:

- Amount paid by sender, in sender's currency
- Estimated exchange rate
- Amount to be received in the destination currency
- Fees
- Instructions for collecting payment
- Cancellation conditions
- Instructions for resolving errors
- Transaction confirmation
- Taxes
- Linked products (if any)

The provider should clearly communicate all the above information regarding payments services and transactions. This information is necessary to eliminate the element of surprise and make the customer fully aware of the amounts, fees, and instructions for transactions, whether receiving money, canceling or confirming transactions, and whether there are conditions or limitations related to payment services.

Exchange rates are critical information for clients, as the differences between the amount sent and received can create confusion for clients using international transfers. Accordingly, the exchange rate at the time of transfer should be clearly indicated in the documents the clients receive upon sending and /or collecting the money. If the provider partners with any third party, the agent should follow the same rules listed above. The financial institution should have a monitoring process in place to ensure that the agents and third parties comply with the level of disclosure described here.

Scoring guidance
  • If the provider does not offer payments or transfer services, the score is NA.  
  • If the provider does offer payment services, then it must comply with the disclosure of 100% of the information listed in the indicator. If any of the indicated information is not included in the documentation, receipts or posters, then the score is partially.
Sources of information
  • Interviews with staff who design the payment services, with agents that handle the payments, and with any staff that manage the relationship between the provider and the agents.
  • Signs, posters, receipts, brochures, and any documentation given to clients or visible in the agent or branch where payment transactions are carried out that contains any of the information listed in the indicator.  
  • Interviews with clients who have used payment services, if possible  
Evidence to provide

Summaries of information from relevant interviews

4.B.1.8 If the provider offers insurance, it gives clients the following information at the time of enrollment:

- A certificate of coverage which states, at minimum, the premium, amount and term of coverage, who are the beneficiaries, which events are covered, any major exclusions, and when and how to file a claim
- An explanation of the documentation required to prove damage, if applicable
- Terms related to cancellation and prepayment, if applicable

Clients should fully understand their insurance terms and conditions at the time of enrolment, especially as insurance is a new product for many low-income clients, the provider should take care to ensure that clients understand their product and its terms. Insurance contracts may cause confusion due to the terminology, hence the provider is required to communicate all terms and conditions in simple language that clients can understand.  

Features of the insurance product that should be shared with the clients include:

  • A key facts document / certificate of coverage including: what are the events that are covered, who is covered (such as, in addition to the client, his next of kin), what assets and objects does the insurance plan cover, up to what amount, over what period of time, whether there is any waiting period  etc..
  • The premium cost including all fees and taxes
  • List of excluded events (such as natural disasters or climate events etc…; in the case of a life insurance, excluded events may be death by suicide for example)
  • How to file a claim: whom to contact, period of time to file a claim, channels, where to find the form, documents required according to the claim type, how to follow up and how and in which timeframe the compensation can be expected  
  • Beneficiaries (if there are beneficiaries beside the client) and what benefit would they receive
  • Cancellation terms and conditions (penalties, fees, pro rata calculation if applicable. etc.), what happens if the loan falls in default etc..
Scoring guidance
  • This indicator is applicable to both voluntary and compulsory insurance (credit life insurance, and insurance bundled with a loan)
  • For insurance bundled with the loan, this information can be included in the loan contract, but needs to stand out specifically with all these items
  • If the provider does not offer insurance, the score is NA
  • If the provider does offer insurance, then it must disclose all the information described in the details of this indicator, without exception.
Sources of information
  • Insurance contracts  
  • certificate of coverage
  • Documents given to clients upon enrolment, review a client files
  • Interviews with field staff, insurance agents if applicable, insurance product manager  
  • Interviews with clients if possible
Evidence to provide

Reference to the insurance documents given to clients and key items

Resources for indicator 4.B.1.8
  • Smart insurance document

4.B.1.9 If the provider offers insurance, it provides beneficiaries with timely information during the claims process.

4.B.1.9.1 The provider notifies the beneficiary within 30 days of making a decision about the claim.
4.B.1.9.2 When the claim decision results in a settlement, the provider notifies the beneficiary within 30 days of the settlement. If the claim is denied, the provider notifies the beneficiary of the reason and gives an opportunity for appeal.

This indicator is particularly important when the client is not the beneficiary and the beneficiary may not know that the client had an insurance policy. The institution should have a process in place to provide information to the beneficiary and whoever submitted the claim, as soon as the claim is submitted for review. It is critical that when the client submits a claim, he receives regular updates on the status of the claim or at a minimum each time the claim progresses to the next step in the process. The claim’s status can be:

  • New  
  • Open  
  • In process
  • Further documents / info needed  
  • Processed, including the compensation amount awarded, how and when it can be expected
  • Rejected, including the reason for rejection, and any appeals process that may be available

The claims process should not put an undue burden on the client to follow up and inquire about the claims progress, resubmit the paperwork, or travel in person to request or provide information. Ideally, the institution offers more than one channel that clients may use when submitting or following up on a claim.

Clients have the right to know the result of their claim in a timely fashion and to appeal the insurance company’s decision regarding their claims. Time frame should be listed in the insurance contract.

  1. In case of settlement (a settlement is a payment that concludes a financial obligation); the provider should notify the claimant within 30 days with clear information on the compensation awarded, basis of the calculation, and how to collect the money.  
  2. In case of rejection, the provider should notify the claimant within 30 days with clear information about the reason of rejection; it should provide the client with an opportunity to appeal as well as channels that can be used to submit the appeal.  

The provider should put this policy into practice and monitor its implementation.

Scoring guidance
  • This indicator is applicable to both voluntary and compulsory insurance (credit life insurance, and insurance bundled with a loan)
  • It is applicable whether the provider manages the claims, or the insurance company. The provider remains responsible of the communication provided to clients.
  • If the provider does not offer insurance at all, the scores are NA
  • If the provider does not have a tracking system for insurance claims that allows to provide the clients with sufficient and timely information about the insurance claim’s status as it goes through the process of review, then the score is “No”.
  • If the client can go for more than a month with no update from the insurance provider or financial institution then the score is “No”.  
  • If there is no opportunity for the client to provide additional documentation or appeal the decision after the rejection of a claim, then the score is “No”.
Sources of information
  • Insurance policy with the timeframe to settle a claim
  • Interview with field staff, and with insurance agents if applicable,  
  • Interview with the product manager for insurance  
  • Interviews with clients that have had to file a claim, if possible  
  • Insurance claims process tracking system and the latest report on claims
  • Insurance documents given to clients
Evidence to provide
  • An explanation of the claims process and how the provider tracks claims and informs clients about the steps in the review process
  • List the channels that are available for clients to submit information and those used to provide clients with information  
  • Explain what happens when a claim is rejected
  • From the report on claims, what is the average time to process and settle a claim

4.B.2 The provider communicates with clients at appropriate times and through appropriate channels.

Often, FSPs may provide full and complete product information to clients but communicate it in a way that is difficult for clients to understand e.g., disclosing information in writing to illiterate clients. The way your sales and product staff explain things to clients makes all the difference in whether clients can absorb the information and use it to make important decisions about their finances.

Clients should have time to review product information, to compare options, and to ask questions before making a decision. In order to do so, they need relevant product information at least 24 hours prior to signing a contract, opening an account, or making a payment. In practice, this means providing product documentation that clients can take home and review before the sale and prior to signing. Make sure the client also has an opportunity to decline the product without being made to feel that they are already expected to sign the contract.

Inform clients before making changes to the terms and conditions specified in their contracts—for example, if the interest rate paid on savings changes. Also inform clients before their insurance policy expires, so that they are aware and have the opportunity to renew the policy and prevent a gap in coverage.

Finally, put in place a system for providing clients with accurate account information, on demand. For some providers, an on-demand mechanism is delivered through online and/or mobile banking, which gives clients anytime access to their account information. Low-tech options including answering customer inquiries over the phone and in-person. Field and branch staff should have immediate access to up-to-date account information whenever they are interacting with the client. Provide clients receipts—paper or digital (based on client capability and context) for all transactions. For loans with a group guarantee or a guarantor and group savings accounts, provide each member in the group or guarantor with total balance of the account at least quarterly.

Resources for essential practice 4.B.2

4.B.2.1 The provider gives clients the opportunity to review the terms and conditions of products.

4.B.2.1.1 The provider offers a channel for clients to ask questions and receive additional information prior to signing contracts.
4.B.2.1.2 The provider gives clients notice and the opportunity to opt out before automatically renewing a voluntary product.

Clients need time to review product information, to compare options, and to ask questions so that they can make informed decisions. Clients should receive product documentation that they can take home and review before signing the contract—many times, a client will want to share product information with a trusted person (e.g., spouse) prior to signing.

Twenty-four hours is a good rule of thumb for providing the client sufficient time to review the terms and conditions, consult a trusted family member, and ask clarifying questions before they sign a contract or make a commitment to take on a new product. It is fine for the institution to provide the client with more than 24 hours; clients should not be pressured to make decisions to commit to a product in less than 24 hours.  Clients may choose to make quick decisions if they feel well informed, however there should be no pressure for them to do so. Additionally, the client should not be made to feel guilty or ashamed if they change their mind or choose not to commit to the product once they have reviewed all the information.

To make informed decisions, clients need:

  • Sufficient Time so they are not rushed
  • Channels and means to ask questions
  • Simple language they can understand

The channel for clients to ask questions can be a phone line to speak with the institution’s staff, or it can be a digital channel such as a chatbot. Ideally the financial institution will offer multiple channels such as a website form, in-App messaging, a customer service representative at the branch and a hotline or call center. That way the client will be able to communicate with the institution in the way that is most convenient for the client to obtain the necessary information to make an informed decision. The FSP might offer leaflets or online Q&A information to cover most of the expected questions from clients, but this does not replace the clients right to ask direct questions to staff.

In case of product renewal, the provider should deliver advance notification, and give the opportunity to opt-out. A process should describe the period used for advance notification, the channels used, what is the timeframe given to the client to opt-out. Ideally the client should receive this notice at least a couple weeks before the renewal would take effect, so that they can make a considered decision about whether or not to renew.

Scoring guidance
  • To score “yes” on 4.B.2.1.1, the client needs to 1) have received all the documentation he is going to sign, 2) and what he needs to make an informed decision, 3) have at least 24h to review it, 4) and have at least one channel for questions, the more channels the better.
  • If any of the above is not fulfilled, then 4.B.2.1.1 should be scored “partially” or “no”.
  • Detail 4.B.2.1.2 can be scored “NA” if the provider never proceeds with automatic renewals – consider all products, including deposits, insurance, debit cards etc..
  • If there are automatic product renewals, the score can be “yes” only if there is clear evidence that the client had an opportunity to opt-out
Sources of information
  • Transparency checklist, any checklist that field staff use to ensure they fully inform clients
  • Leaflets or contracts or other materials given to the clients to explain the product they are considering.
  • Branch observation:
    • Attend the process from sales to signing, to determine if the client has sufficient time and clear complete materials to review before signing
    • Verify that clients are given the necessary time and information to understand and consider their options before they sign the contract.
    • Verify that they know how to get their questions answered before they signed the contracts, and they knew the channels that they could have used to ask question.
  • Renewal policy and procedure for each voluntary product
Evidence to provide
  • Description of what type of documents are shared with clients  
  • Description of the communication channels used by clients to ask questions
  • In the case of automatic renewals, relevant documentation (policies and procedures) and how the provider ensures client information and opportunity to opt-out.
  • Summary of relevant results from the interviews with the staff and clients.

4.B.2.2 The provider gives clients a completed, signed copy of the contract and makes the contract accessible anytime in an online account or in physical form.

As soon as the loan contract is finalized the client should be provided with a copy of the fully executed contract e.g., signed by both parties. This contract can be a physical or digital copy (depending on the context and the client’s preference), but it must be complete, with no blank space and signed by both the institution and the client.  

In the case of digital loans the provider saves the Key Facts Document and the loan agreement in a client account that the client can easily access anytime. This may be on a client's device or in hard copy, but internet links alone are not sufficient.

Scoring guidance
  • This is scored “yes” upon verification that clients actually receive or know how to access their final contracts
  • The contracts must be complete, with no blank fields, and signed by both parties to meet this indicator.  
  • In terms of being available at anytime, the contract can be given in physical form to the client or it can be provided in digital form and stored in the customer’s account online, which clients could access through the mobile App,
Sources of information
  • Transparency checklist, any checklist that field staff use to ensure they provide everything to clients
  • Documents provided to clients  
  • Loan disbursement procedures (credit manual)  
  • Interviews with concerned staff’ (trainers and loan officers)
  • Interviews with clients (to see if they receive their contracts)
  • Review of client contracts
Evidence to provide

Results from the interviews with clients and staff.

4.B.2.3 The provider gives clients clear and accurate account balance information in the following ways:

4.B.2.3.1 Providing access to their up-to-date loan or savings balance upon request.
4.B.2.3.2 Sending automatic messages to clients whenever there is an automatic deduction from the client account.
4.B.2.3.3 Providing receipts, on paper or electronically, for every transaction.

Clients have the right to understand their financial position in real time so they can best plan their financial transactions. These details describe the ways in which the financial institution needs to share information with its clients or make it available to them upon request in either physical or digital form, depending on the institution’s capabilities and the clients preferences. All these elements should be provided with no additional fee for clients. If the provider considers it to be costly, then it should be integrated in the overall pricing strategy of products.  

Clients should know the channels and means through which they can access their accounts balances / details.  

The main determinants here are

  1. Accessibility: the institution should offer multiple channels through which the client can receive information so the client can pick one that is convenient and accessible for them  
  2. Accuracy: Up-to-date and accurate account information  
  3. Timely information: clients should be notified about any transaction on their accounts, especially in the event of automatic deductions so they can plan their other transactions accordingly.  
  4. Documentation: providing clients with confirmations of transactions, whether through paper or electronic receipts is necessary.
Scoring guidance
  • This applies to both loans and savings products, and includes also payment services for 4.B.2.3.3
  • The important elements to verify are precisely listed in the details.
Sources of information
  • Accounts management policy
  • Branch observation and interviews with clients to verify that this happens in practice
  • Review of the mobile App, if applicable
Evidence to provide
  • Description of how the FSP communicates information with clients
  • Description of the information available to clients and when the information is available by channel
  • Results from the interviews with clients and employees.

4.B.2.4 If loan repayments are automatically debited from a client account, the provider sends clients a loan repayment reminder at least one day before loan repayments are due.

The repayment reminder is important so that the client can plan his transactions accordingly.  

If the FSP uses third party to send SMSs to clients, the time frame for reminders and notifications should take that into account in case it delays delivery of the messages. The provider is required to verify the efficiency and the accuracy of the systems it uses to ensure that delivery of the notifications happens with enough lead time for the clients to take action and avoid any penalties.  This also applies if the FSP uses bank transfers based on agreements clients and banks in which the clients have accounts.

Scoring guidance
  • If the FSP does not apply automatic deduction/ debiting, the score is NA
  • If the FSP applies automatic deduction, it can pass the indicator only if it notifies the client of each transaction not later than one day before payments are due.
Sources of information
  • Communication process /procedures (pay attention to the time frame conditions)  
  • Channels used to notify clients about upcoming payments and/or deductions on their accounts
  • Interviews with staff members that handle payments and IT and client reminders  
  • Interviews with client whose accounts have been debited to ensure that they are notified at least one day before the due date.  
  • Contracts with third parties if applicable.
Evidence to provide
  • Reference to the part of the contract that covers this point in case of third-party agreement.
  • Results from observation, review and interviews with staff and clients

Standard 4C. The provider enforces fair and respectful treatment of clients.

Financial service providers and their agents will treat their clients fairly and respectfully. They will not discriminate. Providers will ensure adequate safeguards to detect and correct corruption as well as aggressive or abusive treatment by their employees and agents, particularly during the loan sales and debt collection processes.

Resources for standard 4C

This standard has 3 essential practices:

4.C.1 The provider's code of conduct requires fair and respectful treatment of clients.

Code of Conduct

An institutional Code of Conduct (or Code of Ethics) helps employees practice fair and respectful treatment of clients by defining clear standards of professional conduct that they must uphold. A written Code does not guarantee ethical conduct, but it is a first step toward formalizing an ethical organizational culture.

Your Code should apply to all board members, staff, and third-party providers (e.g., agents, debt collectors), to ensure that clients are protected when interacting with anyone working on behalf of your organization. It should spell out expected behavior as well as the sanctions for violations of the code. Box X provides a basic outline for the Code contents.

It is vital that staff sign a copy of the code to formalize their agreement to abide by the ethical expectations described in the code. Each board member and staff person should also receive training on the Code. While you are not responsible for providing training to third party providers such as agents, you should ask the third-party providers if they have a Code of Conduct and train their staff on it. If they do not, then you may want to consider training your agents on your Code of Conduct.

When training your own staff, use “real life” examples that highlight situations in which compliance with the Code may be difficult (e.g., when dealing with disrespectful clients; when asked by another staff member to commit minor fraud). For example, Sahayata Micro Finance Pvt. Ltd (India)1 uses “Customers’ Rights and Responsibilities Illustrations”—a series of simple pictures and texts that demonstrate five client rights and five client responsibilities, allowing trainees to discuss each scenario. Trainees are asked to read the card and decide which customer right is supported or violated by the behavior described. The cards are used to stimulate discussion among small groups of trainees and to test trainees’ understanding of ethical behavior.


Very few institutions have a non-discrimination policy that protects all the types of clients listed above. Most of these providers do not expressly want to deny clients’ rights, but they are unaware of how institutional policies and staff behavior affect certain clients or they know they need to have a non-discrimination policy, but certain protected categories are sensitive given the region’s religion or cultural norms and therefore have been left out, e.g., homosexuality in some regions. Box X provides examples of non-discrimination policies and expectations for staff behaviors. Even if you believe that your staff are treating clients fairly, put in place a non-discrimination policy to make clear the institution’s expectations and to standardize behavior across all employees.

Discrimination is different from targeting clients for inclusion in a program (e.g., loans to women, savings accounts for youth). Targeting generally corrects an existing problem of exclusion, whereas discrimination involves treating a client or potential client differently and less favorably based on personal characteristics or affiliations. Terms and conditions for individuals should only differ based on: 1) risk-based analysis (e.g., rural farmers in frequently-flooded areas might be deemed too risky, or loans might be less expensive for repeat clients with stellar repayment histories); 2) target markets defined in your mission (e.g., “our mission is to serve youth in urban areas”); or 3) accommodations based on special needs (e.g., a person with limited mobility repays monthly instead of weekly, given her difficulty getting to the branch). Such differentiation should be applied consistently and transparently

4.C.1.1 The provider's code of conduct states the organizational values, standards of professional conduct, and treatment of clients that it expects of all employees, and defines the sanctions to apply in case of a breach.

Both, employees and clients must understand the determinants of professional behavior and what can be allowed and what is not allowed in the work environment, especially in client relationship management.

The Code of Conduct/Ethics (or any similar document) is considered the basis for this, as it is a document that is supposed to be approved by the Board of Directors and must be circulated to all employees, as well as it is supposed to be covered in the  training that employees receive, especially new comers.

Sanction document/ policy is a must, it is supposed to reflect the zero tolerance regarding any breach, considering the severity/level of the violation when determining the sanction. And it serves as a warning to employees to prevent them from bad behavior.

Scoring guidance
  • The Analyst will look for a 1) written document that formalizes 2) the institution’s expectations regarding ethical behavior and 3) the sanctions for breaches of these standards. If any of these three elements are missing the indicator will be marked “partially.”  
  • In addition, the sanctions should define different levels of disciplinary procedures depending on the severity of the violation.
Sources of information
  • Code of Conduct: the document may have different names in each institution such as Organization Charter, Book of Rules, Code of Ethics, Code of Conduct etc. – all of these are fine.  
  • Sanctions policy
Evidence to provide

List the name of the document(s) that contains the 1) expectations of staff behavior and 2) the sanctions for violations of these expectations, and summarise what they are.

Resources for indicator 4.C.1.1

4.C.1.2 The provider's policies prohibit the following:

4.C.1.2.1 Corruption, theft, kickbacks, fraud
4.C.1.2.2 Client intimidation: using abusive language, using physical force, limiting physical freedom, sexual harassment, shouting at the client, entering the client’s home uninvited, publicly humiliating the client, using threats
4.C.1.2.3 Discrimination against all internationally recognized Protected Categories. [Note: Protected Categories are as follows: People over 40 years old; Sex; Race/ethnicity/national extraction/social origin /caste; Religion; Health status, including HIV status; Disability; Sexual orientation; Political affiliation/opinion; Civil/marital status; Participation in a trade union.]

Only by having an explicit policy in place can the provider ensure adherence by staff to these expectations, dissemination during trainings, and eventually control by Internal Audit.

As a complement to setting standards of behavior with clients, the institution should have a non-discrimination policy, focused on clients, that prohibits discrimination on the basis of “Protected Categories” as defined by the International Labour Organization (ILO) which include ethnicity, gender, age, disability, political affiliation, sexual orientation, caste, and religion.

Scoring guidance
  • Each of the topics in the three details must be covered in writing and expressly prohibited to be able to score “Yes”. It is not important which documents are used to implement these policies – it can be the Code of Conduct, the HR policy, the non-discrimination policy or another document.  
  • In particular, unacceptable behaviors such as client intimidation should be clearly listed in an official document, to set clear expectations from staff, to be able to communicate them to clients (see indicator 4.C.1.3), and for Internal Audit to have a reference for control.  
  • Check with HR (or view sample employee contract) to verify if staff sign a document acknowledging that they have read, understood and agree to abide by these policies.
  • All of the listed categories must be included in the institution’s non-discrimination policy for it to pass. Some of these categories are not protected by law in some countries. For example, “Caste” is only applicable in South Asia, so does not need to be included in the policies of institutions outside that region.  
  • If any of the above categories are missing, they should be flagged as recommended for inclusion in the policy and the indicator should be marked “partially.”  
Sources of information
  • Code of conduct, HR policy, Non-discrimination policy, collections policy
  • The document that contains the list of unacceptable behaviors in client relationship  
  • Employee files with confirmation that they have read and will abide by these policies
Evidence to provide
  • Description / List of the Unacceptable behaviors  
  • The page number and name of the various documents where these lists are found.    
  • The sections of the Code of Conduct / Collections policy / Credit Manual that cover corruption and intimidation

4.C.1.3 The provider informs clients, verbally or in writing, about the prohibited behaviors found in the code of conduct.

Having a code of conduct alone is not enough to make the values “come alive.” The field staff need to be trained and monitored so that they are capable and consistent about informing clients about the behaviors that are expected of staff and those that are unacceptable.

Clients should be informed of what behavior they should expect from staff and what is prohibited, so that in case they feel a staff is overstepping the boundaries and they feel any inappropriate behavior, they clearly know they don’t have to suffer it and that they should report it to the institution.

Scoring guidance

The provider can pass the indicator if it clearly informs the clients about which staff behaviors are prohibited. Since it says “verbally or in writing” only one channel is necessary for the institution to pass this indicator, though ideally both channels are offered.

Sources of information
  • Any public material (branch posters) that address client rights and staff behavior
  • Transparency checklist, any checklist that field staff use to ensure they fully inform clients
  • Staff orientation materials that discuss ethical/appropriate staff behavior and guidance for how to inform clients about the expected staff behavior.  
  • Customer satisfaction/ exit survey’s results
  • Complaints’ reports
  • Branch observation: how is this information conveyed to clients
  • Interview with client to verify whether they received this information
Evidence to provide
  • Results from interviews with staff and clients
  • References to the documents, oral speech, pamphlets of customer rights and responsibilities etc.
Resources for indicator 4.C.1.3

4.C.1.4 If the provider partners with third parties, it reviews the the third party's code of conduct prior to signing a contract to check for commitment to fair and respectful treatment of clients.

The goal of this indicator is to ensure that any external service providers are held to the same standards for fair and respectful treatment of clients as the financial institution. Third parties can be debt collectors, agent networks, MNOs, insurance providers, other financial institutions such as banks, postal offices etc…

Partnering with third parties or other service providers requires taking the necessary precautions by the provider to ensure that they share the institution’s commitment to client protection. The provider is directly responsible for verifying that the partners apply all necessary practices in terms of fair and respectful treatment of clients; the third party is required to have a Code of Conduct - or any similar document - that governs the business conduct towards clients or their adherence to the provider’s Code of Conduct can be written into the contract that governs the relationship between the provider and the third party.

This might require developing specific contractual terms for the partnership that cover client protection requirements.  In some cases, providers can impose their own business conduct/ behavior and make it an integral part of the agreements and make additional efforts to train the third-party's staff on expected behavior toward clients.

The question here: what is the policy/ procedure that is in place for acquiring partners and third- party service providers? how do FSPs confirm that all necessary steps have been taken so that the third parties comply with client protection?

In addition, it is the institution’s responsibility to monitor its external provider’s behavior towards its clients including handling client complaints related to the services and treatment they receive from the third party providers.

Scoring guidance
  • If the provider does not use third parties or external providers in any of its processes, then this indicator is NA.  
  • The indicator specifies that the provider reviews the third parties code of conduct BEFORE they sign a contract, and that in this review they check for commitment to respectful treatment of clients.  
  • FSP can only pass this indicator if third- parties commitment to fair and respectful treatment of clients is part of the agreement between the FSP and the third-party.
Sources of information
  • All Contracts with third parties
  • Procurement / partnerships policies
  • Interviews with managers of the relationships with the third-party providers.
Evidence to provide
  • All contracts between the financial institution and its third party providers
  • If available, Quotes from the third-party Code of Conduct refering to fair treatment of clients.  
  • Results from interviews  
  • Results from internal monitoring systems  
  • Results from client satisfaction and exit studies

4.C.2 The provider does not use aggressive sales techniques.

Implementation Guidance

Aggressive sales techniques can be particularly damaging for low-income clients and those with limited financial capability, as they may be more likely to buy products due to sales pressure rather than because the product is a good “fit.”

Aggressive sales can mean larger outreach and bigger portfolio, but it can also lead to higher rates of default and lower customer satisfaction when client’s end up with products they don’t need and/or don’t understand.  In recruiting new clients, the provider must never resort to deceptive or aggressive practices because it will not lead to healthy growth in the medium or long term.  

Examples of aggressive sales include:

  • Putting pressure on a client to take a product he doesn't need/want, this may take the form of calling everyday, visiting the client’s home or business very frequently, following them in the street etc
  • Telling clients that there is a time limit on a specific offer (“you must sign today, because the price will go up tomorrow”)
  • Adding a side-product, bundled with a product the client has chosen, without informing the client (eg: adding an insurance without telling the client)
  • Continuing to pursue a client who has clearly declined a product
  • Discouraging or preventing clients from consulting with a trusted person; or from reading product information thoroughly e.g, the contract, etc.
  • Intimidating or threatening the client (“if you don’t purchase life insurance, you are going to look like you don’t care about your family”)

FSP should define aggressive sales and put in place safeguards to prevent it such as monitoring staff compliance with expected behaviors through internal audit or a monitoring department that interviews clients to ensure they were treated in keeping with the organization’s values and policies.  The provider needs to ensure that it sets reasonable growth targets and uses incentives schemes that do not trigger aggressive sales. FSP is supposed to conduct market studies before setting the growth targets, hence, sales should be within the acceptable growth targets and any sales outside the pre-set threshold, causes the FSP to investigate.

4.C.2.1 The provider has internal controls to monitor whether employees or agents are engaging in aggressive sales.

This indicator’s goal is to ensure that clients are not pressured into buying products they don’t need and/or don’t understand simply because the field officer wants to meet his/her targets for sales or number of new clients etc. The first step in preventing aggressive sales is for the institution to define what “aggressive sales” means in their culture and context.

As a first layer of control, the Operations department should have means to control such behavior. Internal audit or Risk department should also intervene when any indicators fall outside a set range. For example, higher than average productivity could trigger visits to the loan officer’s newest clients, to ensure sales were consensual.

Scoring guidance

To pass the indicator the institution needs 1) to have defined clear indicators that signal a risk of aggressive selling, and 2) based on these indicators, monitor staff’s and agents’ behavior to identify any instances of aggressive sales.

Sources of information
  • Document that contains the indicators that are used to monitor aggressive sales
  • Interviews with field staff on how sales are conducted, how difficult their sales targets are to reach, what are their commercial “tricks” to sell
  • Growth targets, incentives' schemes and their related productivity ranges  
  • Sales prohibited behaviors  
  • Sales Training  
  • Audit checklist  
  • Interviews with clients
Evidence to provide
  • Provide the indicators that are used, and if any, the document where definition of aggressive sales is found
  • Description of the monitoring mechanism, how often it is conducted, by whom
  • Instances of aggressive sales identified
  • Results from interviews

4.C.2.2 The provider's incentive structure does not promote aggressive sales.

4.C.2.2.1 When front-line employees' salaries are comprised of a fixed and a variable portion, the fixed portion must represent at least 50% of total salary.
4.C.2.2.2 The provider monitors front-line employees' productivity ratios and investigates those that are above a predetermined threshold.

An incentive or bonus structure that encourages unrealistically high productivity can lead to aggressive sales. Pro-growth metrics take various forms including number of new clients, growth in clients, amount of portfolio, growth in size of portfolio etc.  

Detail 4.C.2.2.1 ensures that employees are not dependent on incentives to secure enough income for basic survival, which could lead them to aggressive sales practices. This detail means that if staff receive a total payment of 100, incentives cannot account for more than 50, and the fixed salary must be at least 50, at any point of time.  

For loans, the incentives' structure should consider both sales and portfolio quality and portfolio quality should be at least as heavily weighted as growth, with growth represented by all the pro-growth variables used to calculate incentives. This ensures that sales staff will be careful as to disbursing loans that clients need and can repay.  

Productivity ratios include at least (i) number and volume of disbursements per loan officer (ii) number of active loans per loan officer (iii) average loan size disbursed and outstanding, and any other relevant criteria.

The high performance may be due to an efficient loan officer, but it also could indicate over-selling to reach targets.

Scoring guidance
  • To meet the first detail the fixed compensation must be at all times at least 50% of the total monthly compensation and should also represent a living wage or minimum viable salary so that the loan officer can live from the base pay alone.  
  • Conduct an in-depth analysis of at least 12 months field staff payroll to verify these percentages. If the amount of bonus/incentive/variable salary actually paid exceeds at any point of time the fixed salary, then the answer is “no”; it may be “partially” if it happens under exceptional circumstances.
  • For the second detail, the institution must 1) have defined internal red flags with clear indicators to determine if any requires additional investigation, 2) monitor field staff productivity ratios on a monthly basis 3), have independent staff monitoring these (eg: audit or internal control or risk management) and 4) actual investigation and actions taken in case a red flag appears.
Sources of information
  • Incentives policy
  • Productivity ratios in the past year: number and volume of disbursements per loan officer (ii) number of active loans per loan officer (iii) average loan size disbursed and outstanding, and any other relevant criteria.
  • Payments to field staff with breakdown of fixed salary and incentives and calculation of percentage of fixed salary / total payment.
  • Monthly branch reports
Evidence to provide
  • Description of the incentive scheme
  • Results of the productivity and payroll analysis  
  • Description of the red flags and monitoring process, how often and by whom

4.C.3 The provider protects clients' rights to respectful treatment during the loan collection process.

Implementation Guidance

It can be a challenge to convince employees to treat clients with fairness and respect during collections. That is why it is important to specify the standards of conduct expected of employees during this phase of the credit process (including third-party staff, if collections are outsourced).  

Specify acceptable and unacceptable behavior

In your credit manual or collections manual, provide a detailed description of what is acceptable and unacceptable behavior during collections and the steps to follow in the case of default, including the timeline (i.e., after how many days you will take a specific action and after another x days what the following actions are)., and train staff on the policies. In addition to spelling out processes and identifying prohibited treatment, staff should receive training on both the policy and expectations as well as skills such as negotiating techniques, understanding customers, managing tensions, and reaching amicable agreements.

Put collateral policies in place

Abuse is common during collateral seizure, but even delinquent clients have the right to fair and respectful treatment. Your collateral seizing policy should specify when and under what conditions seizing collateral is appropriate. It should require that staff exhaust other options before moving on to collateral seizure and that they follow local laws (e.g., obtaining a court order). The policy should also prohibit staff from forcing clients to sell their own collateral to pay off their debt, as well as the practice of clients selling collateral to staff, agents, or anyone affiliated with their financial institution.  

If the value of the seized collateral exceeds what the client owes your institution (the outstanding principal + accrued interest up to 180 days + any penalty fees and legal costs), return the difference to the client. Finally, if it is your institution's practice to keep collateral on the premises (e.g., at a branch office), it must be kept in a locked room or secure area, and the location should be noted in the client’s contract.

It is important to make clients aware of collateral seizure processes before they take a loan. Doing so not only increases transparency for the client, but also creates greater accountability among staff, who will be aware that clients know their rights. If seizure becomes absolutely necessary, it must be preceded by informing the client and allowing the client to attempt to remedy the default. This policy applies to group and individual loans. In all client default scenarios, staff should not take any significant actions against the client—for example, collateral seizure—before taking the time to understand why the client has defaulted and discussing solutions for repayment.

It is not uncommon for financial institutions to use third-party agents to help in loan collections. In these relationships, the provider is ultimately responsible for the agent’s behavior. If your institution uses third-party collections agents, they should be held to the same standards of conduct as your institution’s staff. You are not responsible for training third parties, but you must verify that the staff of the third party receive training on fair and respectful recovery practices. In addition, your Internal Audit should verify a sample of clients delegated to third-party agents to ensure that collections practices in these cases were also in compliance with the institution’s policy.

Put in place rescheduling and write-off policies

Include in your collections policy the guidelines for rescheduling or writing off loans. The policy should specify that rescheduling and write-offs should only happen on an exceptional basis, and not as a routine reaction to delinquency. List cases of specific examples of client distress that would call for rescheduling or refinancing (e.g., natural or man-made disasters; major hospitalization, etc.) and those that would call for write off. As a further protection against over-indebtedness and abuse, assess client willingness to repay as part of the loan recovery process and require that rescheduling/write-offs are authorized by a higher ranked employee than the one proposing the rescheduling, refinancing, or write-off. Box X presents an example of a rescheduling policy, based on the policy used by FUBODE (Bolivia).

4.C.3.1 The provider's collections policy includes the following:

4.C.3.1.1 A list of appropriate and inappropriate debt collections practices, including collateral seizing practices.
4.C.3.1.2 A schedule for the collections process that allows time for the debt collector to determine the reasons for a client’s default and for the client to find solutions.
4.C.3.1.3 The provider informs the client prior to seizure of collateral, allowing the client to attempt to remedy the default.
4.C.3.1.4 A prohibition on sales of the clients' collateral to the provider, the staff of the provider, to their relatives, or to third parties involved in the seizing process.

For 4.C.3.1.1:

Providing only acceptable collection practices is not enough, collection staff may do unacceptable things without realizing they are unacceptable unless they are clearly stated in the policy, hence; there must also be a formal description of unacceptable collection practices and the sanctions that will apply in case of a breach of this policy. The policy must also prohibit the practice of forcing the clients to sell its assets to pay the loan.

Collateral seizure process should also be formalized so that clients are protected from staff overstepping their role and authorizations.  

For 4.C.3.1.2:

Understanding the reasons for the client’s default allows the institution to determine if the institution has a role in the default e.g. too much credit was given, capacity analysis was not correct etc. And to understand if the client has the willingness but not the ability to repay. This knowledge allows the institution to create an appropriate response to the client’s unique situation.  

For 4.C.3.1.3:

The collateral provided by the clients may be of great importance to their livelihood or wellbeing or income generating ability. The client must be given the opportunity to remedy the late payments prior to the seizing of the collateral. This fair treatment of the client will build loyalty and good will for the institution among the client and their friends and family.

For 4.C.3.1.4:

The institution should have a section of their code of conduct, in their employment contract, or in another policy that the staff sign about the importance of avoiding conflicts of interest. One of the types of conflict of interest that should be specified as prohibited is the sale of collateral to the staff or their friends and family in order for the clients to repay the institution.

Scoring guidance

To pass the indicator, the institution must pass each of the Details. Therefore, the institution’s collections manual or policy will need to have in place the following:  

  1. it must be formalized in a policy or Code of conduct or other document approved by the board  
  2. it must specify acceptable collections practices,  
  3. it must specify unacceptable collections practices, including the prohibition of forcing clients to sell assets
  4. it must apply to staff AND third-party collections agents.
  5. it must specify the timeline and steps to take for clients that have fallen in arrear, in addition to the responsible person,  
  6. this timeline should include the staff’s efforts to understand the reasons for the client’s default,  
  7. It should offer guidance to identify when clients are willing but unable to repay and what solutions should be proposed to these cases
  8. it must specify the process of collateral seizure, including that the client receive advance notification before collateral seizure so they can attempt to remedy the default
  9. it must prohibit the sale of collateral to the institution’s staff, agents, or family of the same

If any of these aspects are missing it will “partially” or “no”.

Sources of information
  • The Credit manual, the collections manual, the code of conduct, a documented process for collateral seizure etc. Any of these documents or others is acceptable as long as it meets all the criteria in the scoring guidance.  
  • Verify with clients and field staff that this is implemented in practice.
Evidence to provide

The name and page number of the policy or manual or other document where these practices are formalized.

4.C.3.2 The provider restructures or writes off loans on an exceptional basis, based on a list of cases of specific distress.


Restructuring and write off should not be an easy way out for poor capacity analysis. But it should also be offered for those clients that are experiencing unexpected debt stress. The provider should have a policy or at least a formal process that defines  

  • A list of cases of specific distress under which clients can be granted rescheduling or refinancing or under which loans can exceptionally be written off  (e.g., natural or man-made disaster; major hospitalization, etc.)
  • When these methods of last resort can be used,  
  • and what the conditions are for their granting.  

The provider should always consider restructuring prior to seizing assets.

In addition, loan officers must be aware of the possibility of offering restructurings to clients, and provide those who fulfill these conditions with the information on how to apply.

In order to avoid abusive use of restructuring by loan officers, the procedure should include the need for approval by someone higher up than the loan officer who conducts the restructuring process. It may be the direct decision of the CEO/Managing Director, even in that case, the policy should describe the exceptional events that may lead to restructuring.

Scoring guidance
  • Make sure the response is consistent with 3.B.3.1 and 4.A.2.1.2
  • There doesn’t have to be a formal policy on restructuring, or write-off, but at a minimum, there has to be some kind of written document that field staff are trained on, that internal audit and controls can refer to and it has to precisely lay out the cases of eligibility, and conditions to be fulfilled. One of these conditions has to be the approval by a supervisor.
  • If the provider has the policy but doesn’t use it in practice, if loan officers are not really authorized to use or offer it to the client, then the answer cannot be “yes”. Assess the degree of incompliance; for example if the provider takes legal actions against clients who have the will but not the ability to repay, without exploring the possibility of restructuring, then the answer would be “no”.
  • This indicator cannot be scored a NA. For some providers, restructuring may not be common, but there are inevitably situations where restructuring should be offered. If there is no restructuring policy because the provider ‘never reschedules’, then the answer is ‘No’.
Sources of information
  • The credit manual, collections procedure, write off policy, rescheduling policy
  • Interviews with Head of credit and branch staff to gage if practice differs from policy
  • Review of the reports tracking restructured loans
  • Sample files from restructured loans  
  • Samples files from write off lists  
Evidence to provide

Provide the name of the document ruling restructuring and write-offs, and describe the process and conditions. Provide examples of cases leading to restructuring loans.

Resources for indicator 4.C.3.2

Standard 4D. The provider secures client data and informs clients about their data rights.

The privacy of individual client data is respected in accordance with the laws of individual jurisdictions as well as these international standards. Client data will only be used for the purposes specified at the time the information is collected from the client, or as permitted by law. Data security is a key component of confidentiality, especially in the digital age. The institution takes the necessary steps to ensure that client data is secure, including teaching staff and clients about the importance of data security and how to keep their information private.

This standard has 2 essential practices:

4.D.1 The provider maintains the security and confidentiality of client data.

Implementation Guidance

Your clients share very important personal and financial information with your organization, and you have a responsibility to protect the privacy and confidentiality of this data. Misuse of data such as client photographs, account numbers, and personal identification documents can have devastating effects on clients.

If you work with third-party providers that have access to client data—for example, insurance providers, payments agents, marketing firms—your contract with these providers should specify that they will maintain the security and confidentiality of client data. Monitor whether third-party contractors are honoring their commitment to data confidentiality, for example by inquiring about the security of their systems, interviewing clients about their experiences regarding data security (e.g., “Did the agent ask you to sign this privacy agreement?”), and testing the agent’s process through mystery shopping.

Staff who leave your institution no longer have many incentives to protect client data. Establish a process to safeguard data from misuse by former employees. Such measures may include terminating the employee’s login credentials promptly at their departure, collecting all work equipment (laptop, building keys, etc.), wiping (erasing the information from) the employee’s personal devices (e.g., mobile phone) of company data, and other security precautions that apply in your context.

Your IT systems are also vulnerable to misuse. Put in place security measures to protect against unauthorized access to data—including passwords, access hierarchy, firewalls, and adequate software infrastructure. Change IT passwords periodically and structure access to data according to the position of the staff member accessing the data and their role. Additionally, back up your systems daily, with at least one back-up stored securely off-site.

FUBODE (Bolivia) has a specific room assigned within each branch to store clients’ physical documents. Each of these rooms has smoke detectors, professional cameras, motion sensors, and fire-resistant filing cabinets to store clients’ physical documents. The room restricts access to only one staff member per branch. Additionally, the FSP invested an average of US $3,500 per branch to install in each branch surveillance cameras and a panic button for each cashier as well as an alarm system monitored by a third-party central office.109

Whether computerized or not, your information systems should ensure the security and privacy of client data. Restrict employees from taking home client files or copies of the databases, and keep records of the names of staff who request and/or are granted permission to access client files outside of normal conditions (e.g., after working hours). Keep hard-copy client files in a secure place, with controlled access. For example, FinDev’s (Azerbaijan) policy on data security110 states: “Loan contracts and copies of all other official documents regarding the client’s loan file are kept in iron cases in the room of finance manager. Other documents are kept in locked bookcases under supervision of respective loan officer.”

Plan for how to keep data safe in case of unplanned network downtime or emergency. A business continuity plan that covers several of the most likely scenarios—such as a security breach, network overload and slow down, or a natural disaster that shuts down power and connectivity—will help keep information safe during unexpected events when data could become vulnerable. Policies and procedures as well as IT systems such as firewalls and passwords help build the system necessary to ensure the safety of the clients’ data.

Finally, all product contracts should include a privacy clause that specifies how data will be used and protected. This clause should be included in plain language and prominently displayed in the contract—for example, do not hide it in small print. This clause should also be included in the Key Facts Document. For savings products, it should be clear who has access to the client’s account; for credit products, clients should know whether their information will be shared with a credit bureau, or others, such as insurance companies or collections agents.

4.D.1.1 The provider has data security and confidentiality policies that cover the gathering, use, distribution, storage, and retention of client information.

Regardless of national regulation, your institution should have a written privacy policy and procedures that govern the gathering, cleaning, processing, use, distribution, and storage of client information.2 The policy should cover current employees and also those who leave the organization. The policy should specify the sanctions or penalties that will apply to any staff that violate the privacy policy—for example by misusing or misappropriating client data, leaking information, or exposing client data to third parties without client consent. The provider’s privacy policy and procedures should explain how the privacy and confidentiality of client data is ensured.

Scoring guidance
  • This indicator requires 1) written and formal documents or policies that address how the institution will ensure the 2) confidentiality, 3) security, and 4) accuracy of clients' personal, transactional and financial information. These documents must cover all of 5) gathering, 6) use, 7) distribution, 8) storage and 9) retention of client information. If any of these components are missing the institution receives a “partially”.
  • Having employees sign a confidentiality agreement upon hiring alone is not sufficient, and the score would be “no”.
Sources of information
  • Privacy policies and processes may not be all in one document, but spread out in different operational manuals.  
Evidence to provide

Specify the documents and page numbers where the policy addresses each of the components mentioned in the scoring guidance.

4.D.1.2 The provider maintains physical and electronic files in a secure system.

4.D.1.2.1 System access is restricted to only the data and functions that correspond to an employee's role ("least privilege" principle).
4.D.1.2.2 The provider controls employee use of files outside the office and the provider keeps records of the names of employees who request/are granted access to client files.
4.D.1.2.3 The provider defines a clear process to safeguard client data when employees leave the organization.

This indicator aims to ensure that the practices required by the privacy policy are actually implemented by the institution and its staff. In particular, that safeguards in are place to prevent the theft and misuse of client data or identity by current and former staff, other clients, and parties outside of the institution.

The provider should also be protected against security breach, fraudulent access to its systems.

Data security is critical to operational success and a positive reputation. Especially as digitalization of operations expands both physical and digital data security are of equal importance and both must be planned for, implemented, and monitored to ensure client data is kept secure from misuse or exposure from internal and external actors.

Scoring guidance

The systems in place must protect client data by 1) restricting access to client data based on staff role and hierarchy 2) limiting, controlling and documenting access by staff to physical records of client data, and 3) defining how the organization will protect client data from terminated or departing employees.  

Sources of information
  • Branch observation of how employees access physical and electronic files
  • Interview with the IT Director or MIS manager
  • Document listing the MIS profiles and their corresponding levels of access (authority matrix)
  • Any document ruling the circulation and safeguarding of physical files
  • HR and IT process at employee departure/ termination of contract  
Evidence to provide
  • Specify what types of systems are in place to ensure data security,  
  • Description of the monitoring process of logs to electronic systems, to client files and to safes.
  • Describe the process at the departure of an employee  
  • List documents and page for each of the three details above.
Resources for indicator 4.D.1.2

Smart Campaign’s Smart Note on Caja Morelia

Field Example

Equitas Protects Client Data

Equitas (India) was the first MFI in India to have a core banking solution, TEMENOS-T24. This product is an extension of T24 Banking software, developed specifically for microfinance and the community banking sector. Client information is highly secured and well protected in TEMENOS, with defined user access and passwords. All back office employees are trained in the usage of this system. Branch staff do not have access to client data, except what is necessary to handle collections through the collection sheets. Equitas has a distinct client filing system and safe storage of the client information files. Soft copies of client files are stored in the software while hard copies of client files and loan documents are coded, stacked, and kept secured at a data warehouse in Chennai. Equitas invests regularly in IT audit and maintenance to review client security.

4.D.1.3 The provider conducts a risk assessment to identify the data-related risks to clients. Minimum frequency: annual

The purpose here is to proactively ensure that risks related to data security are identified and managed – that all necessary security and privacy controls are in use and are regularly updated. The assessment should be done periodically to help identify any weaknesses in information security and privacy controls – if any- and reduce risks. If operations are significantly digitized then it should be done more often than once a year.

A data risk assessment is also necessary when introducing a new product or feature, or after a data breach, to document lessons learned and improve controls and reduce the likelihood of a similar breach in the future.

Scoring guidance
  • The FSP can pass this indicator only if data risk assessment is being conducted every year.  
  • Make sure that the staff conducting this risk assessment is qualified to do it.
  • It should be listed in the annual plan and budget, and can be conducted either internally (risk management department or audit), or externally.
Sources of information
  • Interviews with Risk Management department or internal audit department  
  • Annual plan for risk / audit / IT  
  • Data security policy or privacy policy  
  • Risk assessment reports  
Evidence to provide
  • Description of who conducts the data risk assessment and how often
  • Summary of the results of the most recent assessment  
  • Page from the Risk department or audit department annual plan that requires the risk assessment

4.D.1.4 If the provider works with third parties that have access to client data, the provider's agreements specify that third parties will maintain the security and confidentiality of client data.

Third parties must be held to the same standards of preserving security and privacy of client data. Any third party that gets access to clients’ information—credit bureau, agent network, insurance company, collection agencies, mobile operators etc.—must also keep client data secure and confidential. NDA (non- disclosure agreement) should be signed or should be part of the full agreement/contract with third parties. The non-disclosure agreement must cover expectations related to security and confidentiality of the clients’ data.

Scoring guidance
  • The provider can pass this indicator only if the agreements with third parties cover the 1) security and 2) confidentiality of client data.  
  • In the case of a credit bureau, the confidentiality needs to be addressed within the framework of what credit bureau are authorized to disclose. In any case, security of client data remains an important element to cover.  
  • If the provider does not use any third parties then this indicator is NA.  
Sources of information
  • Review each agreements/contract with the third parties  
  • Procurement policy/ procedures
Evidence to provide
  • List all the third-parties that may have access to client data and say whether there is a privacy clause or NDA.
  • Provide a sample of the language in these agreements with third parties

4.D.2 The provider informs clients about data privacy and data rights.

Implementation Guidance

Being careful stewards of your client’s personal and financial information is key to building trust with your clients and a reputation as a responsible actor in the sector. Especially with the rise of digitalization, the protection of the security and confidentiality of client data becomes a much more extensive and intensive undertaking. Digital channels make control of the clients’ data more difficult because the institution can no longer rely on the safekeeping of the physical files to be enough to ensure its safety. In some markets this has been an issue for a decade while in other markets digitalization has only proliferated since the COVID-19 pandemic. However, no matter where your institution is in its journey toward digitalization it is important that you take your staff and clients along on that journey by providing sufficient digital education so that both staff and clients have the necessary tools and knowledge to keep their personal and financial information safe.  

Starting at the time of the application, obtain client consent before sharing personal information with any external audience, including credit bureaus, family members, guarantors, insurance agents, collections companies, and marketing material (e.g., your annual reports, website), or other public content. This encourages a relationship of trust and respect. If applicable, require that clients name one beneficiary for their life insurance policy, so that the institution can safeguard the clients’ account from all other people who have not been named as the beneficiary.  

When talking to clients, emphasize the clients’ own responsibilities for keeping data private, such as storing records in a secure location and not sharing personal identification numbers (PINs). Finamérica (Colombia) publishes a brochure for clients112 with tips for information security, including: avoiding bank employee impersonators, avoiding robbery, keeping debit cards secure, protecting personal information, and how to contact the bank if a security problem is detected.

Resources for 4.D.2

4.D.2.1 The provider explains to clients how it will use client data, with whom it will share the data, and how third parties will use the data. The provider receives clients' consent before using or sharing their data.


This indicator seeks to create an environment of informed consent between the financial institution and its clients with regards to the collection, use, and sharing of the client’s personal data. The sales process should include a clear explanation of how client data will be used or shared. If third-parties such as the credit bureau, or an insurance company receive any piece of client information, clients need to be aware who will what information, and for what specific purpose these third parties need the data.

Examples of data sharing:

  • Reporting client data to credit bureaus  
  • Using client data for marketing, (client personal/individual data, stories and picture, quotes, satisfaction survey results....)
  • Selling client data to third parties  
  • Delegating collections of delinquent loans to specialized collection agency
  • Using client geo-location data
  • Using client personal data to inform loan decision (apps that look into your social networks, your contacts, your pictures...)
Scoring guidance
  • To meet this indicator the provider must 1) clearly inform the client about how it will use his data and 2) with whom and for what purpose it will share this data 3) PRIOR to the client’s signing of the contract/consent document.  
  • Regarding the credit bureau, if the provider only informs clients about the fact that they will consult the credit bureau, this is insufficient and should be scored “partially”. Indeed the client should also be aware that his loan information and status will also be shared with the credit bureau.
  • If the institution provides this information in full, but AFTER the client signs the contract, then the score is partially.  
  • If all these topics are not systematically highlighted to clients, it is “No.”
Sources of information
  • A template contract and/or a sample client loan application;  
  • Listening to the sales pitch, contract signing, and disbursement to hear how staff address the issue of data privacy and consent.  
  • Client interviews to gage their understanding of the use and/or sharing of their data.  
Evidence to provide

Note when the data sharing is explained, and how, and how well clients understand the use and sharing of their data.  

4.D.2.2 Information about data use and consent is easy for clients to understand.

4.D.2.2.1 When requesting consent from clients to use their data, the provider explains in simple, local language, either in writing or orally, how it will use the data.  
4.D.2.2.2 The provider trains clients on the importance of protecting their personal information including Personal Identification Numbers (PINs), savings account balances and information on repayment problems.
4.D.2.2.3 The provider gives clients the right to withdraw their permission to use data and explains any consequences of withdrawal.


In addition to having secure internal systems for keeping client data safe, the provider must be completely transparent with clients about how their personal information will be used, and must get their consent before using or sharing their data. It must also allow users to retrieve and delete their data from the systems (right to oblivion), especially when a client opts out of a service. This is specifically important with digital financial services who may have access to external and private data from the client’s device.

Especially in cases where clients’ have low levels of literacy it is important to provide a clear and systematic explanation and confirm through Q&A that the clients understand the information imparted.

Scoring guidance
  • The institution must systematically provide a simple explanation either verbally or in writing to all clients about how their data will be used, why it needs formal consent, and the importance of safeguarding their own data privacy. These topics as well as informing about client’s right of permission withdrawal must absolutely be addressed at the moment of requesting data or access to data to score “yes”.  
  • In the case of credit bureau consent, it has to cover both: (i) consultation of the client’s credit history, (ii) as well as reporting client’s credit information to the credit bureau. Verify that consent is given at time of application since the credit bureau check will be done before signing the contract.
  • Staff should explain data sharing practices and safeguards. The institution has to train clients so they understand why data privacy is important and how to maintain it. This briefing can take place prior to signing or after signing the contract.
  • The right to withdraw access to data should be included in the contract, or provided on any publicly available material, so that the clients can refer to it later. It has to mention how to do so and what consequences come with withdrawal of data access. If it is mentioned orally but not available for later referral, then the score is “partially”.
Sources of information
  • Contract template; loan application form; consent form (credit bureau, insurance, digital information accessed on the mobile etc…)
  • Review of a few client files
  • Interviews with clients and field staff,  
  • listening to the sales pitch and signing stages of the credit process.
  • Check if this topic is covered in the training offered at group meetings or the disbursement speech for individual loans.
Evidence to provide
  • Describe how each of these topics are addressed, by whom, in what format, and at what moment of the sales and signature process.  
  • Results from interviews

4.D.2.3 The provider notifies clients of their right to review and correct their personal and financial data.


Client data is personal and ultimately belongs to the client. The provider must have an effective system for updating clients’ data and informing them about their right to review/update their data and educate them on the importance of maintaining accurate information.  

Scoring guidance
  • To pass this indicator the FSP must have:
  • System in place for updating clients’ data  
  • Awareness systems in place to inform the clients about their right to correct and update their data.
Sources of information
  • Observation of communication with clients
  • Policy / process for updating/verifying clients’ data  
  • Interviews with customer service, MIS or database management etc.  
  • Interviews with clients
Evidence to provide
  • Description of data processing and review system
  • Description of campaigns to update client data  
  • Results from interviews

Standard 4E. The provider receives and resolves client complaints.

Open lines of communication between the institution and its clients are essential to building trust, resolving issues, and improving products over time. All financial institutions should have multiple channels by which their clients can reach them to report a complaint. However, it is vital that managers and staff of these institutions recognize that clients call or write to their financial institution for a variety of reasons aside from complaints e.g., with questions, to request additional products, to make suggestions, to request assistance, and to report abuse or fraud etc. A complaints handling mechanism should not been seen as something negative that will just make it easier for customers to complain about staff, rather various convenient and affordable channels of communication should exist to connect the institution to its customers for the benefit of both the clients and the institution.

This standard has 3 essential practices:

4.E.1 The provider has a complaints mechanism that is easily accessible to clients and adapted to their needs.

Implementation Guidance

Your institution should have a complaints system that allows clients to raise issues, make complaints, and ask questions. An effective mechanism allows for a timely response to clients, and it enables your institution to address both individual and systematic problems. A complaints mechanism empowers clients to deal with questions and problems, making it more likely that they will be informed, confident consumers. It also gives your institution the opportunity to resolve questions and complaints before they interfere with client loyalty and retention. Many issues are fairly simple to resolve—for example, questions about insurance benefits or complaints about a nonresponsive ATM—and are not worth losing clients. Responsiveness on your part also makes it less likely that dissatisfied clients hurt your reputation in the market.  

Whatever mechanism(s) your institution chooses, you should put in place a specific complaints policy that includes the following elements:  

  • Resolution procedures: Define how to manage and resolve complaints, including what types of complaints can be handled by the person receiving the complaint (loan officer, branch manager), and what types should be referred to designated complaints personnel or management.  
  • Reporting system: The system should ensure that employees register all complaints—for example, by using a numbered register or tracking in a database that allows your institution to follow the case through to resolution, and to analyze complaints in aggregate.  
  • Communication with agents: If your clients have complaints about a third-party provider or agent (e.g., external collections agency, insurance company, digital POS), clients should be able to complain directly to the third party OR to you. Ask the external provider for access to client complaints made by clients of your institution. Clients see third-party providers and agents as an extension of your organization, so it is important that you know about client complaints against these organizations.  If your third-party providers will not share an aggregated monthly list of the complaints against them submitted by your clients, then you should train your clients to complain about the agents directly to you.
  • Defined timelines: Respond quickly to client complaints, ideally within 24 or 48 hours for most complaints and questions and within no more than a month of submission for serious/complicated cases. Resolution time should be based on the severity of the complaint. Many issues can be resolved on the same day they are raised. These issues include the “frequent questions/complaints” that all employees are authorized to handle. Others will require follow-up and investigation, such as accusations against an employee or problems using a product or service. Create a timeline for complaints resolution, including realistic but responsive timeframes for dealing with these different types of issues.

Your institution’s complaints “system” refers to the process of recording a complaint in a database, recording the steps taken toward resolution, and documenting the final resolution. This system must facilitate analyzing the database of complaints to assist the institution in identifying trends and institution-wide issues. This system should be as automatic as possible. For example, each complaint is recorded in an internal database and is automatically assigned a reference number. Additional database entries are recorded when that complaint is “in process” (e.g., being reviewed by an Ethics Committee), and when it is resolved. The database should allow your institution to easily aggregate complaints from all different channels and analyze them by type (e.g., loan questions, employee misconduct, problems with infrastructure), location, and other relevant factors. Ideally, the database will also generate reports on complaints trends – these should be shared with management and the board on a regular basis.

Inform clients on their right to complain

Inform clients of their right to complain, and explain to them how to use the complaints mechanism(s). Provide a verbal explanation during the product application process—for example, at the time of the application interview, orientation sessions, and/or disbursement. At the same time, prominently display written information on how to submit a complaint in branch offices (posters, brochures) and/or in product documentation. For example, Equitas (India) prints on each client passbook phone numbers for the following people/agencies: Equitas’ CEO’s office, Equitas’ internal ombudsman, and the national regulator.

Make sure clients know how to bypass a particular staff member, especially their loan officer, to make a complaint—particularly if the complaint is related to that person. Also, inform clients about complaints mechanisms available outside of your institution, for example national networks, local ombudsman, or a self-regulatory organization such as a consumer protection organization.  

Your complaints system should make it possible for staff to inform clients when a complaint is resolved, and to stay in touch along the way if the resolution process requires client involvement or is taking a long time. Clients should also be able to follow up on their complaint if they have a question during the resolution process.

Train employees

Provide training to your employees on how the complaints mechanism works. The training should cover how the complaints mechanism works, the role of complaints staff, how to appropriately manage complaints until they are resolved, and how to refer them to the appropriate person for investigation and resolution. While all employees should memorize the customer service hotline number, for example, many other aspects of the training should be position-specific, as complaints handling responsibilities vary dramatically across the organization. For example, loan officers may be responsible for informing clients about the mechanism during orientation, referring clients to it during the loan cycle, and reminding clients about it during group meetings. The training (and your staff book of rules) should be very clear on the importance of using the mechanism correctly, and it should specify sanctions for staff that willfully fail to report a complaint. Table X provides examples of staff responsibilities for complaints resolution.  

Verify that third parties (e.g., agent network managers) train their own representatives on how the complaints mechanism works, the role of complaints handling staff, how to appropriately manage complaints until they are resolved, and how to refer them to the appropriate person for further investigation and final resolution.

4.E.1.1 Clients have a way to submit complaints to persons other than their loan officer/product officer and that person's supervisor.

Use a mechanism that allows clients to circumvent the person who is managing their product. For example, a borrower should be able to bypass loan staff and complain to a customer service representative, and a client sending payments should not have to complain to the sending agent but rather have the option of calling a help line. This measure protects clients from retaliation, burial or mishandling of the complaint. Most clients would rather suffer in silence than risk losing access to their financial products and services.  

Scoring guidance

To pass this indicator the FSP must offer at least one channel by which clients can submit complaints to the institution that allows them to circumvent their primary point of contact e.g. loan officer.  

Sources of information
  • Complaints handling policy – complaints channels  
  • Interview with the complaints or customer service manager
  • Interview with clients
Evidence to provide

Description of all the channels by which clients can submit their complaints

4.E.1.2 The provider has at least two complaints channels that are free of charge and accessible to clients.


The mechanism(s) your institution puts in place should be adapted to clients’ needs and preferences, and it should be easily accessible for the majority of clients. Usually, this means that you provide both a cost-free number that clients can call, as well as in-person customer service representatives. In the past many providers used suggestions boxes as their primary or sole means of collecting customer complaints. However, suggestion boxes are insufficient. Illiterate clients cannot write suggestions/complaints, making a complaint in writing presents the added burden of travel to the branch, and these boxes were often only checked on a monthly basis. Offer clients a mechanism that is convenient, accessible for illiterate clients, and allows your institution to respond in a timely way. It is alright to use branch suggestion boxes, but institutions should also offer a complaints hotline, and make regular visits to client centers or businesses to inquire about any problems may be experiencing.

Scoring guidance

To pass this indicator the FSP should provide:

  1. at least two different channels by which clients can submit complaints
  2. those channels should be cost free and easy to use
  3. at least one of those channels needs to be accessible to illiterate clients

If any of these aspects are missing than the score is “partially”

Sources of information
  • Interviews with the head of complaints,
  • Interviews with customer service representatives/manager
  • Complaints handling policy or matrix
  • Interview with clients
Evidence to provide

Description of all the active complaints channels that clients access and any costs associated with any of those channels

4.E.1.3 The provider informs clients how to submit a complaint.

4.E.1.3.1 The provider displays information on how to submit a complaint in branch offices, at agent locations, in product documentation, and in all digital channels it uses to provide services to clients.
4.E.1.3.2 At the time when clients are applying to use a product, the provider informs clients on how to submit a complaint both to itself and to any third party partner.


If you want the complaint mechanism to be efficient, clients need to know about it. The details of this indicator explain the basics of how to inform clients about their right to file complaints, and how to do so. The institution can provide this information in a variety of ways that include in writing through loan contracts, a Key Facts Document, a brochure, via TVs and posters at the branches, social media, posters at agents’ locations, the website, digital channels such as the provider’s App, and orally during the product application and client orientation processes.  

This includes how to submit a complain to a mechanism other than the provider, if available (e.g., self-regulatory organization or public sector ombudsman).

The institution is required to inform the clients about how to submit a complaint against third- parties as well.

Scoring guidance
  • The FSP should have a systematic process and visible means to share information with clients about their right to complain and how to register a complaint.
  • This process should include at least 2-3 moments in the customer journey when the client receives this information so that they can internalize it.  One of those moments must be the product application process.  
  • If the financial institution has branch offices, agent locations, product documentation and/or digital channels, then the institution must include information on how to submit complaints in each of these locations.  
Sources of information
  • Any documentation given to clients that contains the customer complaints channels
  • Interviews with clients to verify that they know how to make a complaint  
  • Interview with field staff to talk about the channels, when clients receive information about how to make complaints, and to understand the perspective from the firled on the most used channels and most frequent complaints.
  • Complaints’ policy if there is one
Evidence to provide
  • Description of the written and oral communication channels used to share this information
  • Transparency checklist, any checklist that field staff use to ensure they fully inform clients
  • Description of how the FSP educates the clients about complaints submission, including title and page number of a policy or documented process if applicable
  • Checklist of information to be communicated to the client, including informing the clients about complaints mechanism.

4.E.1.4 If the complaint mechanism initially handles complaints through automated means, the provider makes a channel with live, human interaction available to clients.


Human interaction is critical for many reasons:

  • Many clients do not trust the effectiveness of automated systems yet and prefer to communicate directly with an employee
  • Some clients feel more confident that their complaints will be taken seriously if they are expressed to a human being
  • The opportunity to listen to customers and understand the details of the situation can help the institution understand its clients' needs and challenges
  • Clients may not be aware of how to use automated systems
  • In case clients do not choose the right options, the provider needs to interact directly with the clients to ensure they can submit their complaint properly.
Scoring guidance
  • To pass this indicator FSP should have human interaction as an option clients can choose when they want to complain  
  • If complaints are not handled through automated means, then the score is NA
Sources of information
  • Complaints handling policy and systems
  • Review and testing of how the automated system works
  • Interviews with customer service and complaints handling staff
  • Interviews with clients
Evidence to provide
  • Description of the complaints handling system and channels and confirmation that human interaction is possible
  • Results from interviews.

4.E.2 The provider resolves complaints efficiently.

Implementation Guidance

While complaints often focus on dissatisfaction—about not being approved for a loan, for example—your system may uncover more serious issues like employee fraud, mistreatment of clients, or other unethical behavior. It is critical that you are able to correct mistakes, rectify omissions, and address activities that may be harmful to the clients.  

In addition to responding to individual client issues, your institution should be able to aggregate, analyze, and report on client complaints information. Your designated complaints personnel should evaluate overall trends to identify any systemic problems that go beyond individual grievances. Chronic or repeating issues may call for changes to operations, products, and/or training in order to provide better service and rectify those areas that are frequent subjects of complaint. For example, recurring complaints about long lines in the branch may highlight the need to change the branch layout, open a new teller window, or provide digital channels. Regular complaints about being denied a loan in a particular branch may indicate the need to review how the field staff in that branch are conducting loan analysis or client targeting. Table X provides examples of how chronic complaints could provide direction for operational improvements.  

Management should review complaints data on a regular basis. Complaints reports should describe the number of client complaints received in a time period and over time, the mechanisms used to receive complaints (e.g., 60 percent of complaints received through hotline and 40 percent in the branch), and the issues raised by clients (e.g., interest rate complaints, confusion on savings product terms). See Box X for an example complaints analysis report. Look for potential operational and product-related issues that are systemic and/or consistent over time, and discuss possible improvements to your institution’s operations and products that would resolve those issues and reduce the number of similar complaints in the future.  

Complaints data is a valuable form of market research. Your institution should certainly employ other methods of market research to inform product design and delivery, as questions/complaints are biased toward poorly performing clients and those with grievances against your institution. However, frequent client questions can reveal operational issues such as gaps in field staff knowledge, and complaints can spur product design ideas such as a grace period for loyal clients or a new home improvement loan. Such information, when analyzed and discussed by management, can also help your institution narrow the focus of additional market research.

Finally, verify the effectiveness of the complaints handling system on an ongoing basis. Internal Audit or some other controls team should conduct periodic checks to assess how many complaints are being registered—in order to test whether clients are using the system actively—and what actions were taken to resolve complaints. It is helpful to investigate a sample of complaints, which would include follow-up with clients, to monitor not only whether the issue was resolved, and how quickly, but also whether the client was informed of the outcome and satisfied with the result.

4.E.2.1 The provider's complaints policy identifies levels of severity and requires that severe complaints are escalated immediately to senior management.


It is critical to effective and strategic complaints handling to have types of complaints categorized by levels of severity, so that anyone who may receive a complaint directly from a client can escalate certain urgent topics directly to senior management or the Ethics Committee. For example, any instances of data breach, fraud, abuse etc. need to be taken very seriously and acted on rapidly.  

Scoring guidance

To pass this indicator the FSP must have:

  • a formal document or a policy  for the management of client complaints, questions and suggestions
  • An escalation policy: a set of categories that rank types of complaints by severity and defines the person responsible to handle that complaint
  • A process for escalating urgent/severe complaints to senior management, internal audit and/or an Ethics Committee who can resolve these more sensitive cases.
Sources of information
  • The complaints handling policy, with an escalation matrix.
  • Escalation policy, matrix (list of categories and responsible person)
  • Interviews with Complaints Handling Manager
Evidence to provide

The title and page number of the complaints policy that describes how complaints are 1) categorized by severity and 2) escalated as needed

4.E.2.2 The provider's complaints mechanism ensures that all formal complaints are registered in a secure system that reaches the complaints handling staff and/or management.


It is critical for FSPs to have a mechanism that captures each and every incoming feedback from clients, and ensures no complaint can be hidden or buried. Without such a system it is extremely difficult if not impossible to ensure that all complaints are collected, tracked to completion, and analyzed for trends and action items that emerge from the data. It will also allow to consolidate and analyze the complaints they receive from all different channels.

This applies only when clients use one of the existing formal channels, rather than when they use informal channels.

Scoring guidance
  • The FSP’s complaints handling mechanism should include:
  • A secure process to systematically enter client feedback in a registry; this can be having personnel that is independent from field operations.
  • A database where all complaints from all channels are registered and tracked
  • Complaints handling staff reviews these complaints daily and provides solutions or escalates the case as appropriate.  
Sources of information
  • Interviews with staff and managers responsible for complaints handling, data entry, data analysis etc.
  • Branch observation
Evidence to provide

Description of the process and system/software that the FSP uses to collect and document its complaint

4.E.2.3 The provider resolves client complaints quickly.

4.E.2.3.1 The provider sends to clients a confirmation of receipt of their complaints and a notification when the complaint has been resolved.
4.E.2.3.2 If a provider receives complaints via call centers or chat, it monitors the average wait time.
4.E.2.3.3 The provider resolves at least 90% of complaints within one month. If the resolution takes longer than one month, the provider notifies the client of the reason for the delay.


The one month delay is the high ceiling, and takes into account complaints that can potentially require in-depth investigations.

In the digital age it is important for FSP’s to resolve their customers’ complaints quickly – usually within 24-48 hours to demonstrate that the institution is modern and responsive to its clients’ needs.

Scoring guidance

To pass this indicator the FSP must pass all three details and to do that, the institution should:

  • Send the client a confirmation receipt whenever s/he submits a complaint
  • Send the client a notification when the complaint has been resolved
  • Monitor the average wait time before client’s call or chat is answered.  
  • Have a tracking system of the time used to resolve a complaint
  • Have no more than 10% of complaints be categorized as so complicated that they take more than a month to resolve.  
  • If the response of the institution to the client’s complaint will be delayed (e.g., more than a week to resolve) due to complexity or an ongoing investigation, the institution notifies the client of the reason for the delay.  
Sources of information
  • Complaints handling reports that specify the average length of time for complaints to be resolved, number of complaints that take longer than a month to resolve, average wait times for customers etc.
  • Complaints handling policy or documented process that outlines when customer’s receive notification from the FSP during the handling of their complaint.
  • Reports on data and trends related to complaints handling and resolution
Evidence to provide
  • List when the customer received notification from the FSP during the complaints handling process.
  • Note the average wait times for clients to receive attention in person and online
  • Note the average time to resolve a complaint and how many/what percentages are classified as complicated, as well as the average time needed to resolve the complicated cases.

4.E.2.4 Complaints handling staff have access to relevant client data, including transaction details and notes from previous complaint conversations.


In order for complaints handling staff to be effective and efficient in their jobs, they need to have access to the relevant information about the client who is calling to complain and their history of interactions with the FSP. This is most easily done by providing access to the client management system, that allows the customer service staff to view the client’s information and the notes that other staff may have made in regards to the client’s behavior or case details.  

This indicator is especially relevant when complaints management is outsourced.

Scoring guidance

Confirm that complaints handling staff can access client data including 1) transaction details (within the limits of privacy and what is necessary) and 2) any notes from previous calls with the FSP. If one of these two pieces of information is not available to the FSP staff then the score on this indicator will be partially.

Sources of information
  • Review the screens that customer service representatives see when they are talking to a client, or entering a complaint.
  • Interviews with the complaints handling staff and manager
  • Review the complaints handling policy or processes to see if it describes these things.
Evidence to provide

Describe the types of data that the staff has access to when they are handling a complaint from a client.

4.E.3 The provider uses information from complaints to manage operations and improve product and service quality.

Excellence in customer complaints handling requires a three step process that involves 1) collecting customer complaints from a variety of channels that are accessible and affordable for clients, 2) resolving these complaints in a timely fashion and in accordance with their severity and 3) aggregating and analyzing the customer complaints data on a regular basis to use this information to inform strategic and operational decisions that improve the customer experience and reduce the frequency of customer complaints about those topics in the future. Analyzing customer complaints data converts client’s questions and problems into business intelligence for the financial institution and allows it to improve client satisfaction and retention while improving customer service and product offerings.

4.E.3.1 The complaints system creates a report for management and customer care staff. Minimum frequency: monthly


In order to aggregate and analyze the complaints data, the FSP should have a database that allows the staff to generate reports that summarize the data collected by category, severity, time period, branch, etc.

Scoring guidance
  • The complaints handling system needs to be able to generate reports.
  • The FSP has to actually generate complaints reports on at least a monthly basis.
  • The reports that summarize the complaints data need to be analysed by the complaints handling manager and required by senior management.  
  • If any of these points are missing the score will be “partially”  
Sources of information

Complaints reports

Evidence to provide

Summarize the type of information included in those reports and the frequency with which reports are generate, with whom those reports are shared and if  management reviews them.

Resources for indicator 4.E.3.1
  • A sample of a good complaints report

4.E.3.2 Management reviews complaints reports and key performance indicators (e.g., average time to resolve, percent resolved) and takes corrective action to resolve systematic problems leading to complaints. Minimum frequency: annually


In order for improvement to take place at the operational level, management must review the aggregated data from the clients complaints and discuss at the senior management level what changes to the organisation need to be taken to reduce customer complaints, improve customer satisfaction, and respond to clients’ requests.

Scoring guidance

The senior management team must review the complaints reports at least once a year AND the analyst must seek evidence that management uses it in its decision-making and has taken action in the recent past to resolve any issues that were the source of frequent problems identified in the complaints report. These problems may include improving customer wait times, resolving the sources of customer complaints, creating new products based on client feedback, or reinforcing staff training on a topic that generated numerous client questions etc.

Sources of information
  • The complaints report that shows trends in complaints over time
  • Interviews with complaints manager  
  • Interviews with senior management team
Evidence to provide
  • Describe the type of reports reviewed and the frequency with which management reviews these reports.  
  • List the KPIs that are included in the complaints report
  • Describe any actions that senior management has authorized and/or taken in the past year that were taken in response to the data in the complaints reports.

4.E.3.3 If the provider partners with third parties, the provider helps its clients to resolve complaints they have with those third parties.


Because the clients are interacting with the FSP’s chosen third party providers in order to conduct transactions related to their products and services with the FSP, any bad experiences that the clients have with those third-party providers reflect poorly on the FSP. Therefore, if the FSP uses third party providers (eg: agents), it must make an effort to ensure that its clients receive the same quality of care and respect from the third-party providers as the clients receive from the FSP.  

In order to do this, the FSP must ensure that any client complaints about treatment from third party providers reach the FSP so that corrective action can be taken. Clients should be trained either to 1) report complaints about third parties directly to the FSP or 2) understand how to submit a complaint about the third party using that provider’s complaints handling channels. In this latter scenario, the FSP should request that the third-party provider share a summary of the complaints submitted by its clients on a regular basis.

Scoring guidance
  • If the FSP does not use any third-party providers than the score will be NA.
  • If the FSP does use third party providers, then the FSP must:
    • Inform its clients about how to submit complaints about their experience with the third –party providers and  
    • Assist the clients to resolve any complaints they may have with the third-party providers.
Sources of information
  • Complaints handling policy
  • Interviews with complaints handling staff and manager
  • Interviews with the staff who is the relationship manager for the third-party providers
  • Interview with the third-party provider’s agents, if applicable
Evidence to provide
  • Title and page number of the part of the complaints handling policy that describes how clients should submit complaints about the third-party providers.
  • Summary of the interviews