Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 5 Next »

 Overview

What is consent management?

Consent management is a simple maker-checker* flow that authorizes Moniepoint staff to take sensitive actions (e.g., profile updates) on behalf of customers with their consent.

*Maker-checker: One party initiates a request, and the other party approves the request.

Example scenario: Updating the business name on a Moniepoint account

  • A user walks into a Moniepoint Kiosk to get help updating the business name on their Moniepoint account.

  • This means Moniepoint Kiosk agent must take sensitive action on behalf of the customer.

  • With the consent management system, the Kiosk agent can initiate a consent request for the customer to approve.

  • Once this request is approved by the customer, the agent can then proceed to update the user's business name.

This ensures maximum security on the user’s account and ensures the user is always informed of all changes made to their Moniepoint account.

We can also see a detailed activity log of all the changes made to a customer's account.

What channels will this run on?

  1. Moniedesk

  2. Back office

  3. BRM dashboard

  4. PRM dashboard

  5. USSD

  6. Moniepoint banking app.

 Problem Statement

Why do we need a consent management system?

  1. Improved compliance and security: This would mean we are compliant and in line with GDPR, by ensuring all actions are taken with customer’s consent.

  2. This also significantly reduces the chance of sensitive actions being taken by bad actors and adds an extra layer of security at physical locations as well.

  3. Audit logs: There is now a clear trail of who performed what actions on a customer's account and a clear record of who approved the actions to be taken.

  4. Automated consent processes: By automating the process of getting consent, we can make the process of getting customers approval for consent simpler especially for physical interactions.

 Problems and Proposed Solutions

How do we manage consent today?

Today when a user requires a change on their account, we manually collect their personal details as a way to confirm their consent. This means we use the submission of voters card, BVN information, account information

Why doesn’t it work?

  1. This means that the Moniepoint staff who is engaging with the customer has direct access to sensitive customer data and also can be very cumbersome for a customer to gather some of the information.

  2. Also as a customer why am I sharing my PII because I want to make a simple change?

What solution do we propose?

  1. Consent management APIs: A suite of APIs integrated into existing customer channels to give staff the ability to request users' consent and for the users to approve the request in turn. With these APIs customers and staff should be able to carry out the following actions:

    1. Initiate consent request

    2. Approve consent request

    3. Reject consent request

    4. Revoke consent request

    5. Get all consent requests

    6. Get all approvals

    7. Bulk approve and reject

  2. Consent management dashboard: A platform for compliance and support leaders to monitor and audit consent management.

What does success look like?

Business Case & Justification

 Business Impact

What is the value delivered when we introduce consent management?

  1. Improved security

  2. Speed

  3. A seamless way to carry out sensitive action for support team

Do we currently have any metrics to support this?

[In progress: What is the current experience for compliance and how does this affect the user experience? Do people drop off from support if they’re unable to get required compliance information to carry out sensitive actions? How many?]

Key stakeholders

Compliance
Customer success
Operations team

 User Personas

Who will use this consent management?

  1. Moniepoint users with digital channels

  2. Moniepoint users without access to digital channels at Kiosks or via their PRM/BRM

  3. Moniepoint staff

 User Stories

Clearly define the features that will answer user questions about consent management

APIs

  1. Initiate consent request

  2. Approve consent request

  3. Reject consent request

  4. Revoke consent request

  5. Get all consent requests

  6. Get all approvals

  7. Bulk approve and reject

  8. RBAC

Dashboard

  1. RBAC

  2. Audit logs

  3. UI for APIs

  4. View consent data

 Design

Figma and any other design artefacts go here

 Development Timeline

When does this ship and what milestones?

ETA: Q4 2024?

JTBD

  1. Confirm all platforms that need access to Consent management

  2. Confirm all users that will have access to consent management

    1. Break this down by authority

 FAQs

External

Internal

 Additional Links

  • No labels