Perimeter issues

The unbundling, modularization, and platform sourcing of digital finance result in credit being delivered through articulated, sometimes complex, value chains. Not only can this dilute provider incentives but it can result in digital credit activity that falls outside the financial authority’s remit or “regulatory perimeter.” Often there are multiple financial and non-financial authorities sharing jurisdiction but operating (at times inconsistently) in silos e.g., central banks overseeing banks, consumer protection agencies monitoring fintech marketplaces, telco and payment regulators handling MMOs delivering loans. Consumer, competition and data protection authorities may track broader market practices. Consumers face risks from fraudulent apps, over-indebtedness due to multiple loan “stacking,” and confusion over where to report complaints. An MMO that offers credit through a bank partnership may be supervised by the financial regulator under the regulations on e-money, while an app-based lender that sources loan funds from investors might not be regulated or subject to credit reporting (as in Peru).¹

From the perspective of the financial authority, a digital lender may be:

• Regulated. A lender covered by financial regulations or laws that include digital credit as a category of financial services, either explicitly or implicitly. The lender is licensed, registered, or approved by the banking regulator or another official agency dealing with nonbank lenders.
• Unregulated. A firm offering digital credit to customers for its goods or services, beyond the reach of financial regulation but subject to other broader, general laws (e.g., consumer or commercial codes).
• Informal. An entity with or without legal status offering digital loans that fall outside the scope of law and regulation. This may be due to a regulatory gap, a transition phase as the provider becomes a regulated lender, or a carve-out for the digitization of traditional credit groups (e.g., ROSCAs, VSLAs).
• Illegal. An entity offering digital loans in contravention of the law (i.e., not falling within one of the above categories), or because its lending business does not conform to regulation. An illegal lending app may engage in criminal activities (e.g., loan sharking, scams), or not have any business in place and use the app only as a façade.²

A survey of financial authorities³ found a significant level of concern about these issues. The concerns included: fintech-related consumer risks being outside their regulatory perimeter (60%), capacity and resource constraints (56%), limited understanding of fintech-related risks (52%), and inadequate market monitoring tools (50%). Poor quality or insufficient data was cited by 68% of respondents. Data gaps could prevent regulators from accurately assessing the financial risks posed by digital lenders that lie outside their remit, making it more difficult for them to decide whether and how to extend the regulatory perimeter. Unclear regulatory remits and lack of clarity on the responsibilities of each regulator can exacerbate this. One of the surveyed regulators reported having adopted a temporary approach to this situation, i.e., bringing digital lenders under existing licenses as appropriate while engaging with those providers “that are not clearly captured under any legal regime.”

Figures 1 and 2 below illustrate the potential for regulatory lacunae and overlaps in digital credit, with the likelihood that different authorities may assert jurisdiction in successive phases of the same activity or transaction.

Recommendation: Coordination across the regulatory perimeter – i.e., “ecosystem collaboration” – can help to piece together seamless coverage of financial consumer protection risks posed by digital credit. This means consistent joint action by financial sector, telecommunications, ICT, and consumer agencies. These key stakeholders can work together to develop, implement and monitor solutions that have a greater impact on consumers than individual and isolated efforts, and that reduce gaps and overlaps. For coordination to succeed, it is critical to have a clear lead actor designated by legislation or agreement, supported by binding commitments of the other actors. Unfortunately, successful collaboration must often contend with bureaucratic rivalry, misaligned goals, unclear mandates, mistrust, and poor communication among stakeholders.

Source: Izaguirre et al. 2025 forthcoming [link]

How does ecosystem collaboration work in practice? Regulators from different sectors (e.g., consumer finance and data protection) can share information on emerging issues such as new types of frauds and scams. These agencies can support safe expansion of fintech innovations by agreeing to coordinate with other regulators (e.g., prudential, AML/CFT, securities). Digital lenders that fall into a regulatory gap could become directly regulated through a legislative expansion of the perimeter (as in Kenya) or indirectly regulated, e.g., through rules on outsourcing by a licensed FI (as in India). Lending businesses that fall within the scope of the expanded perimeter, directly or indirectly, but do not obtain a license or comply with the rules may be sanctioned or closed down.