Tiered risk-based KYC: M-Shwari successful customer due diligence

M-Shwari is a banking product offered by Commercial Bank of Africa (CBA) in partnership with Safaricom for M-PESA customers and it rides on the M-PESA infrastructure. It consists of an interest-bearing savings product, which is effectively a bank account linked to the M-PESA e-wallet, which pays customers between 2% to 5% interest per annum. In addition, M-Shwari customers have access to short-term credit with on-demand loans of up to $235. The initial credit score upon enrolment is based on past usage of Safaricom products [1]. Subsequent credit-scores are based on M-Shwari product usage.

M-Shwari was launched on November 27th 2012 [2]. In its first six months, 3.5 million customers have already signed up for the product, $11.7 million has been accumulated in savings, and more than $22.4 million worth of loans have been disbursed [3].

To activate their M-Shwari account, an M-PESA subscriber needs only to update his M-PESA STK menu, which then provides him with a M-Shwari tab incorporated in the M-PESA dropdown menu. The customer then selects the M-Shwari tab to activate the service; all of this can be done directly from his mobile phone. Transfers can be made seamlessly from M-PESA to M-Shwari and funds can be withdrawn through M-PESA’s network of agents.

But how has CBA managed to create a process that is both easily accessible by customers and is KYC compliant?

CBA is responsible for KYC compliance, as per the prudential guidelines. To achieve this, M-Shwari operates a tiered KYC model, which is a critical success factor of M-Shwari.

As a first level KYC, CBA uses information stored by Safaricom for M-PESA customer due diligence (CDD): customers signing up for M-PESA need to show the original government-approved Identification Documents (IDs) i.e. National ID or passport, and complete an application form with information such as name, ID number, and address. Safaricom does not take copies of the IDs at this point, however M-PESA customers have to show their IDs every time they cash-in or cash-out.

The CDD data is used to facilitate the opening of an M-Shwari account. However, to operate the account, a 2nd level KYC verification is mandatory.

The second level KYC verification is the ability to verify M-PESA KYC information against the government official registry of individuals database. At this level, one can deposit up to a maximum of Ksh. 250,000. To be able to have balances exceeding Ksh. 250,000 and up to Ksh. 500,000, one will be required to present the original and a copy of the legal ID at a Safaricom shop. To be able to have balances exceeding Ksh. 500,000, one will be required to present the original and a copy of their PIN Certificate at a Safaricom shop. Subsequent KYC levels are inherent in the product design. The tiered KYC levels define one’s deposit limit cap. All documents are stored by CBA.

The simplified KYC procedure is compliant with the Financial Action Task Force (FATF) international standards on anti-money laundering and counter terrorism financing (AML/CTF). FATF recommends to balance the objectives of financial inclusion and integrity and to adopt proportional risk-based CDD procedures. In this case, the risk of money laundering and financing terrorism through M-Shwari is mitigated because M-Shwari is designed as a savings account with clear transactional limits:

  • Deposits into M-Shwari are only from the customer’s M-PESA account. M-Shwari cannot be used to make transfers and payments. However, to make such transactions, M-Shwari customers would need to move money from M-Shwari to M-PESA and undertake required transfers and/ or payments, which must be within M-PESA transactional limits of $ 1,674 per day.
  • The only payments that go through the M-Shwari account are related to the disbursement and repayment of M-Shwari loans.
  • The tiered KYC level allows for graduated deposit amounts; the lower the KYC level, the less the balances you can hold and vice versa.

The initial success of M-Shwari has been truly impressive. What will it take to encourage more regulators and providers to move toward a tiered KYC model, thereby promoting greater uptake of credit and savings products, and achieving deeper financial inclusion ?



[1] To apply for a loan there are no fees and no paperwork. M-Shwari customers can dial *234*6# to find out about their credit limit (maximum possible loan value). To qualify for an M-Shwari loan, a customer must be an M-PESA subscriber for at least six months, and then an algorithm, based on previous utilization of Safaricom services (M-PESA, bonga points, voice and data) is used to determine the initial eligible loan limit. Subsequent loan limits are determined based on a) Levels of “regular savings” with M-Shwari, and b) Repayment history of M-Shwari loans. Loan disbursements are issued through M-PESA and loan repayments are made through M-PESA. Loans can be taken for between KES 100 (US$ 1.15) and KES 20,000(US$ 235), have a term of 30 days, carry a facility fee of 7.5%, and failure to pay triggers the loan to roll-over, meaning if a customer pays the loan late, the effective rate is much higher.

This footnote uses information from Mike McCaffrey, Olivia Obiero, George Mugweru, M-Shwari: Market Reactions and Potential Improvements, MicroSave Briefing Note #139, February 2013.

[2] A few months before M-Shwari was launched, Airtel and Faulu introduced a similar product called Kopa Chapaa that facilitates loans of up to $115, repayable in 10 days, using a similar credit-scoring algorithm.

[3] Source: CBA.

Join the Conversation (2 comments)

  • Stefan Staschen says:

    Simone, very interesting and of huge relevance for other markets. I have one question: How exactly is the second level verification (verification of M-PESA KYC information against the government database) done? Is this done automatically by Safaricom when a customer opens a M-Shwari account (but still can’t transact on it)? How good is the coverage of the database (also considering that M-Pesa customers might have used different types of IDs when signing up)?
    Other countries have been much more cautious about KYC. For example, in Pakistan (which has a great ID system) the ID alone and the check against the database would not be sufficient for account opening (one could still use someone else’s ID, which actually happens – according to anecdotal evidence – quite often to circumvent transaction limits), but the agent also needs an image of the ID and a photograph of the customer to prove that the customer was actually present (both can be digital). It’s still possible to use someone else’s identity, but at least it’s hard to do without this person’s consent. (These requirements are actually one reason why the majority of agents does not do account opening)

  • Hi Stefan, apologies for my delayed response. Commercial Bank of Africa has a statutory responsibility to comply with the guidelines under the AML Act, and the Central Bank of Kenya prudential guidelines on customer acceptance and verification, which guidelines conform to the FATF recommendations.

    The verification of ID details is carried out by CBA against the IPRS database and is an automated check. IPRS are the custodians of the National Registration database hence the check is fullproof.

    To register for M-Pesa, which users must do before opting in for M-Shwari, she must present herself physically at an Mpesa Agent who records in the M-Pesa database and ID verification system (and verify) all Customers ID details including passports and other government approved IDs, which can all be verified against the information in the IPRS.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.