
Consent Management

Owner: @Ahmed-Tijani Umar

TPM: Ryan

EA: Isaac

Summary

Get consent before sensitive actions are carried out on a Moniepoint user's account.

Status

Discovery

Proposed delivery

12th of December 2024

Next Milestone

10th November 2024

Problem Definition

As the Trust and Accounts team, ensure that we:

  1. Obtain explicit user consent before sensitive account actions.

  2. Comply with data privacy laws (e.g., GDPR).

  3. Maintain an audit log of consent requests, approvals, and actions.

  4. Provide seamless user experiences for consent across platforms: web, mobile, USSD, and back-office.

  1. Achieve a 90% decrease in unconsented actions within 3 months post-implementation.

  2. 100% of sensitive actions logged with all necessary audit details (e.g., requester, timestamps, action performed).


Responsible: Trust and Accounts

Accountable: Umar Ryan

Consulted: Adegoke Ope

Informed: Ope, Operations, Channels

Read more about BO remapping here

Current Situation

At present, sensitive actions can be carried out on a user's account without explicitly obtaining their consent. This poses several challenges:

  1. Regulatory Compliance: It creates a risk of non-compliance with data protection laws such as the GDPR, which mandate that users must give informed and explicit consent before any action affecting their data or account is performed.

  2. Transparency and Trust: Users may lose trust in the platform if they notice changes made to their account without their knowledge or approval.

  3. Auditability: There is no comprehensive audit trail to verify who authorized the action, when it occurred, and what specific changes were made, leading to accountability gaps.


Case study: BRM Remapping

A clear example of this issue is the BRM remapping process:

  1. Current Flow (Without Consent Management):

    • A Business Relationship Manager (BRM) raises a claim request to reassign a business to themselves.

    • The Business Owner (BOwner) simply sees that their BRM has changed without being notified or asked for permission.

  2. Improved Flow (With Consent Management):

    • When the BRM raises a remapping request, the system triggers a consent request to the Business Owner.

    • The consent request includes clear details, such as the identity of the requesting BRM and the action they wish to perform.

    • The Business Owner must explicitly approve this request before any changes are implemented.

This process ensures that sensitive actions like BRM remapping are fully transparent, user-approved, and properly documented.

Benefits of Consent Management

  1. User Control: Users are empowered to make decisions about their accounts.

  2. Legal Compliance: Aligns with GDPR and other data protection regulations.

  3. Audit Trail: Provides a clear, verifiable record of all consented actions, including details of who requested the action, when the request was made, and the outcome.

Scope

Internal Services

These are Moniepoint's internal services that may need to request user consent for sensitive actions. Examples include:

Team | Consented Feature

Offline Sales | BO Remapping

Trust and Accounts | Profile Management

External Services

These are third-party services that may require access to Moniepoint users’ accounts for data or payment purposes. Examples include:

Team | Consented Feature

NIBSS | Direct Debit

Third-party Lenders | Data Access (e.g., Renmoney, Carbon)

Account Statement Services | Account Statement Requests


Constraints

  1. Transparency: Each consent request must inform the customer:

    • Who the requesting client is.

    • The specific action the client wants to perform on their account.

  2. Action Specificity: Systems requesting consent must only be allowed to carry out the specific action tied to the consent request.

  3. Single-Use Consent: The first version (v1) of this feature will focus solely on one-time, single-use consent requests.

  4. Communication Constraints:

    • SMS Notifications: Messages must be under 150 characters.

    • Push Notifications: Limited to 250 characters.

    • USSD Screens: Maximum display of 150 characters.
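
An added sketch (not part of the original document or of Moniepoint's design) of how the Transparency, Action Specificity, Single-Use and Communication constraints, together with the audit-log requirement, can be enforced in one place. The class, field names, message wording and in-memory storage are assumptions for illustration.

```python
import secrets
from datetime import datetime, timezone

# Character limits taken from the Communication Constraints above.
CHANNEL_LIMITS = {"sms": 150, "push": 250, "ussd": 150}

class ConsentError(Exception):
    pass

class ConsentService:
    """In-memory sketch; names and storage are assumptions, not the product's design."""
    def __init__(self):
        self._requests = {}   # consent_id -> request record
        self.audit_log = []   # append-only list of audit events

    def _audit(self, event, rec, **extra):
        self.audit_log.append({"event": event, "consent_id": rec["id"],
            "requester": rec["requester"], "account": rec["account"],
            "action": rec["action"],
            "at": datetime.now(timezone.utc).isoformat(), **extra})

    def request(self, requester, account, action, channel):
        # Transparency: the message names the requester and the exact action.
        # The wording is constructed for this example.
        message = f"{requester} requests your consent to: {action}. Reply to approve or decline."
        if len(message) > CHANNEL_LIMITS[channel]:
            raise ConsentError(f"message exceeds {channel} limit")
        rec = {"id": secrets.token_urlsafe(16), "requester": requester,
               "account": account, "action": action, "state": "pending"}
        self._requests[rec["id"]] = rec
        self._audit("requested", rec)
        return rec["id"], message

    def decide(self, consent_id, account, approve):
        rec = self._requests.get(consent_id)
        # Only the account owner may decide, and only while the request is pending.
        if rec is None or rec["account"] != account or rec["state"] != "pending":
            raise ConsentError("request cannot be decided")
        rec["state"] = "approved" if approve else "declined"
        self._audit(rec["state"], rec)

    def redeem(self, consent_id, requester, account, action):
        rec = self._requests.get(consent_id)
        # Action specificity: requester, account and action must all match.
        bound = rec and (rec["requester"], rec["account"], rec["action"]) == (requester, account, action)
        if not (bound and rec["state"] == "approved"):
            if rec:
                self._audit("redeem_denied", rec, attempted_by=requester, attempted_action=action)
            raise ConsentError("no valid consent for this action")
        rec["state"] = "used"   # single-use: a second redeem is denied
        self._audit("used", rec)
```

Every denied redemption is written to the audit log alongside the approved ones, so unconsented attempts are visible to reviewers rather than silently dropped.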


Reviewed by

Status


Solution Definition

Launch Readiness

Impact

Changelog

DATE

DESCRIPTION
