Financial inclusion has been a top priority for the international community since the G20 recognized financial inclusion as one of the main pillars of the global development agenda in 2010. Between 2014 and 2017 alone, 515 million adults opened accounts at financial institutions, raising the percentage of banked adults worldwide from 62 percent to 69 percent. By 2030, two billion new users will store money and make payments on their phones. Many financial inclusion efforts rely on leapfrogging to digital financial services (DFS) and are changing the level and type of interdependencies of the financial system and tech companies.
These digital financial services platforms are vulnerable to cyber threats. The increased use of mobile phones for financial transactions exposes customers and providers to new cyber risks. Financial markets in sub-Saharan Africa, Asia, and Latin America have already experienced an increase in cyber attacks, and markets with more DFS transactions are targeted more often. Cyber criminal activity has shifted away from high-income countries and refocusing on less cyber-mature financial markets. For example, Check Point’s research team reported a 50 percent increase in mobile banking malware in the first half of 2019. The growth of digital financial services has become so successful that, similar to traditional financial services firms, central banks are now paying more attention to potential systemic risks and risks to the stability of the financial system.
Safeguarding financial inclusion achievements against growing these cyber threats is therefore an urgent challenge. Most governments remain unprepared, developing countries are especially under-resourced, and the ecosystem of relevant stakeholders and relevant cyber security support structures continues to be fragmented.
Through its strategy project, Carnegie’s FinCyber project has recommended establishing a consolidated foundation to advance cybersecurity in the context of financial inclusion and to safeguard the achievements made in that area over the past decade. This includes clarifying roles and responsibilities of key stakeholders, building a dedicated regional focus on Africa to complement the focus on Latin America already provided through the Organization of American States (OAS), and exploring how financial inclusion initiatives could be leveraged to raise awareness about basic cybersecurity principles.
The mapping below provides a starting point for relevant material focusing on cybersecurity in the context of financial inclusion.
In addition, Carnegie’s ‘International Strategy to Better Protect the Financial System Against Cyber Threats,’ developed in collaboration with the World Economic Forum, outlines a set of recommendations focusing on capacity-building and financial inclusion as two out of six strategic priority areas. In a next step, Carnegie is creating a network of experts focusing on cybersecurity and financial inclusion in Africa. Carnegie will leverage this network of experts to carry out research: (i) mapping key issues and challenges as well as the disconnect between global and local efforts; (ii) analyzing the threat landscape in Africa; (iii) identifying lessons learned for the Global North from DFS in the Global South; (iv) exploring how DFS could be leveraged to increase basic cybersecurity principles; and (v) assessing preliminary insights from the coronavirus’s impact on cybersecurity with respect to DFS.
High Profile Conference
On December 10, 2020, the first FinCyber Conference on Financial Inclusion and Cybersecurity was jointly hosted by the Carnegie Endowment for International Peace, the International Monetary Fund, the World Bank, and the World Economic Forum. The event was designed to facilitate knowledge transfer among the various stakeholders in the financial supervisory, financial inclusion, development and cybersecurity communities and to strengthen the relationship among them on this crosscutting issue.
The conference featured keynote remarks from Her Majesty Queen Máxima of the Netherlands, the United Nations Secretary-General’s Special Advocate for Inclusive Finance for Development; Kristalina Georgieva, Managing Director of the International Monetary Fund; Magda Bianco, co-chair of the Global Partnership for Financial Inclusion from Banca d’Italia; and welcome remarks from Ambassador William J. Burns, President of Carnegie.
A series of plenary sessions and smaller breakout sessions followed that shed light on the evolving threat landscape in the wake of the pandemic, highlighted latest developments in the field, and outlined next steps for advancement in this space.
This conference was the first in an ongoing series of sessions designed to strengthen the connective tissue between the development and regulatory communities as well as with the private sector and to promote robust financial inclusion efforts.
United Nations Secretary-General’s Special Advocate for Inclusive Finance for Development
H.M. Queen Máxima of the Netherlands has served as the UN Secretary-General’s Special Advocate for Inclusive Finance for Development (UNSGSA) since 2009. As Special Advocate, she is a leading global voice on advancing universal access to and responsible usage of affordable, effective and safe financial services. The UNSGSA raises awareness, serves as a convener, encourages leaders and supports actions to expand financial inclusion at a global and country level, all in close collaboration with partners from the public and private sector. An important focus of her work is on enabling responsible technology for financial inclusion in support of the Sustainable Development Goals. Additionally, the UNSGSA promotes cybersecurity as a digital public goods, a key prerequisite to help people enter and participate in the formal digital economy in a safe manner. In 2009, the UNSGSA published “Briefing on Cybersecurity” highlighting the importance of bolstering cybersecurity to promote financial inclusion, particularly in relation to digital financial services
The World Bank promotes cybersecurity in financial inclusion efforts through the provision of technical assistance and data collection. Two of its initiatives, Harnessing Innovation for Financial Inclusion and the Financial Inclusion Global Initiative, emphasize digital innovation for financial inclusion and provide technical assistance to financial services providers seeking to modernize or expand national payment systems. The World Bank also runs Identification for Development, a program that provides technical assistance and advisory services and facilitates knowledge-sharing among national initiatives to implement digital identification systems. For more information on the impact of disruptive technologies on credit information sharing, see the World Bank’s recent report in this space.
The International Monetary Fund (IMF) has also become a key player in the field of financial inclusion, leading the charge to develop more capacity in low and lower-middle income countries. In 2018, the IMF established a program to assist financial regulators and supervisors with cybersecurity risk management after it declared cybersecurity to be a financial stability risk. The IMF’s cybersecurity technical assistance program, implemented by the Monetary and Capital Markets Department, has three pillars: annual workshops, regional technical assistance center workshops, and bilateral technical assistance missions. For more on the IMF’s capacity-building efforts, see former Deputy Director David Lipton’s recent blog post on the global nature of cyber threats.
The Consultative Group to Assist the Poor (CGAP), an independent think tank focused on financial inclusion and administered by the World Bank, has developed a concept for shared cyber security resource centers to help low-income countries to address cybersecurity risks in DFS. For a summary of CGAP’s research in this area, see the CGAP/GIZ November 2019 publication, “Cyber Security in Financial Sector Development: Challenges and Potential Solutions for Financial Inclusion” as well as it’s blog series, “Cybersecurity and Financial Inclusion: Protecting Customers, Building Trust.” CGAP also developed recommendations for financial sector policymakers and providers to address vulnerabilities in mobile financial transactions..
Founded by the Bill & Melinda Gates Foundation in 2008, the Alliance for Financial Inclusion (AFI) is an advocacy and policy organization for financial inclusion, whose members are central banks and financial regulatory institutions. The AFI organizes the annual Global Policy Forums. In 2017, the AFI held a policy forum for cybersecurity and financial inclusion in Malaysia, in partnership with Bank Negara Malaysia. In 2019, the AFI published “Cybersecurity for Financial Inclusion: Framework and Risk Guide,” which provides key principles and best practices to assist regulatory and supervisory authorities dealing with cybersecurity risk in the financial sector.
Bill & Melinda Gates Foundation
Since 2010, the Gates Foundation has given over $350 million in grants to support its Financial Services for the Poor strategy, which promotes the development of digital payment systems, the advancement of gender equality, and the creation of national and regional financial inclusion strategies. The foundation invests in national financial inclusion initiatives in Africa, South Asia, and Southeast Asia. In 2020, the Gates Foundation awarded grants to four grantees specifically focusing on cybersecurity and financial inclusion: the Carnegie Endowment for International Peace, the Global Forum on Cyber Expertise (GFCE), Carnegie Mellon University’s Africa Center, and MITRE.
Digital Financial Services (DFS) Observatory
The DFS Observatory, based at Columbia University and funded by the Bill & Melinda Gates Foundation, is currently developing a cybersecurity framework for digital financial services. It holds a curated library of DFS-related laws, regulations and policies.
Africa Cybersecurity Resource Centre Consortium (ACRC)
Suricate Solutions launched the first “Cyber Security Operation Center for Financial Inclusion” (C-SOC) in Senegal in 2017 with support from the Luxembourg government and the European Investment Bank. Leveraging the lessons learned from this SOC experience in the West-African Economic and Monetary Union, the ACRC consortium was created as a regional and sectoral-focused project and is in the final phase of funding from the ADFI (African Digital Financial Inclusion Initiative of the African Development Bank. Implemented by a not-for-profit consortium, this public-private partnership is designed to provide quality, affordable cybersecurity services, such as information exchange, capacity building, R&D, incident response, and support to policy makers on cybersecurity regulation through sub regional centres.
A key pillar of the financial inclusion ecosystem is the G20’s Global Partnership for Financial Inclusion (GPFI), a platform for G20 states, nonmember states, and other stakeholders that implements the G20 Financial Inclusion Action Plan (FIAP). The FIAP aligns efforts with the UN’s 2030 Agenda for Sustainable Development and the G20’s “High-level Principles for Digital Financial Inclusion,” and it aims to provide an evolving financial framework for states, regional organizations, and industry. For the latest efforts from the GPFI, see its recent publications.