In Pakistan, fintech, or financial technology, is reshaping financial services through technology, addressing traditional banking limitations and enhancing accessibility. Yet, significant challenges remain, notably the lack of robust data privacy regulations, which pose risks to consumer trust and cybersecurity in digital financial services while impacting innovation and investment in the fintech ecosystem. While regulatory bodies like the State Bank of Pakistan (SBP) and Securities and Exchange Commission of Pakistan (SECP) have frameworks in place, improvements are necessary.
Fintech represents a pivotal transformation in how financial services are delivered and accessed globally as it involves the use of technology to improve and automate the delivery of such services. According to reports by SBP, fintech adoption is steadily increasing, particularly in mobile banking and digital payments, which have the potential to significantly enhance financial inclusion. According to the World Bank, as of 2021, approximately 87% of Pakistan’s population had access to mobile phones, providing a strong foundation for mobile banking and digital payments to thrive.
However, there are certain factors hindering the full potential of fintech in Pakistan such as the absence of clear regulations around data privacy and security as evidenced by the delay in formalising the Personal Data Protection Bill (PDPB) 2023. This delay raises significant concerns regarding the safety and security of personal and financial information in the digital age, posing a substantial barrier to cultivating trust in digital financial services. Pakistan should prioritise the enactment of this bill, and its consent requirements (Article 13) should be refined to ensure individuals freely give consent, mirroring the stricter standards outlined in the General Data Protection Regulation (GDPR) Article 7, and it should clarify data protection restrictions as specified under GDPR Chapter V.
The State’s financial sector is embracing innovation through a combination of regulations and experimentation. SBP’s Electronic Money Institution (EMI) Regulations create a secure environment for digital financial services by setting licensing requirements and consumer protection standards. This is exemplified by NADRA e-Sahulat, an e-commerce platform that expands financial service access. Furthering this innovation, SECP’s Regulatory Sandbox allows controlled testing of new financial ideas by fintech companies and established institutions. Notably, the first cohort of participants showcased notable success. Specifically, FINJA Lending Services Limited, with its peer-to-peer lending platform, and First Digital General Takaful, a dedicated digital takaful operator, achieved significant milestones.
SECP’s framework for fintech holds promise, but improvements can unlock its full potential. Limited scope in the regulatory sandbox can stifle innovation in areas with high growth potential. Singapore’s Monetary Authority (MAS) addresses this challenge with a tiered sandbox framework. This framework offers various levels tailored to different risk profiles and innovation types. Their FinTech Regulatory Sandbox 2.0 specifically allows experimentation in areas like digital identity and blockchain trade finance. This tiered structure provides a valuable blueprint for SECP.
Implementing a transparent exit strategy is also imperative. It is essential to establish a clear and transparent process for exiting the sandbox and transitioning to full regulatory compliance. The Hong Kong Monetary Authority (HKMA) offers a well-defined exit strategy for its Fintech Regulatory Sandbox. This notice outlines the specific regulatory requirements and licensing procedures they need to follow for a full market launch. By adopting a Hong Kong-style exit strategy, Pakistan’s SECP can provide a clear “Graduation Notice” outlining the licensing procedures and regulatory requirements for graduating companies for an easier transition.
In the context of SBP’s EMI regulations, a tiered regulatory approach based on the size, complexity, and risk profile of the EMI could be beneficial. One-size-fits-all regulations for EMIs can stifle the growth of smaller fintech companies in Pakistan. Malaysia’s Securities Commission (SC) offers a potential solution with their tiered EMI regulatory framework. This system categorises EMIs based on size and transaction volume, allowing for a risk-based approach. Smaller EMIs benefit from simpler regulations, while larger or more complex institutions face stricter oversight.
Additionally, SECP and SBP can collaborate with the Pakistan Telecommunication Authority (PTA) and Ministry of Information Technology and Telecommunication (MoITT) to develop a multi-channel campaign to educate citizens about fintech benefits and responsible use.
Iqra Bano Sohail
The writer is an expert on International Law at IPRI.
