FAQs & Other Resources

General Client Protection Pathway FAQ

The commitment is valid as long as the FSP remains active on the CP Pathway. An FSP will be marked “inactive” on our list of Committed Institutions in the following cases:

  1. If the FSP does not provide any proof of assessment within 6 months of joining the CP Pathway, and / or
  2. if the FSP does not update its assessment after a period of 2 years (3 years for certification).

Before marking an FSP as inactive, Cerise+SPTF will send several requests for updated assessments during one year. 

We accept all the following assessments, completed within the last two years, or a Client Protection Certification completed within the last three years. 

  1. Client Protection Commit Tool
  2. Client Protection Full Tool
  3. ALINUS
  4. SPI Entry or Full
  5. Code of Conduct Assessment (Cambodia, India, EU)
  6. Social Rating
  7. Client Protection Certification (completed in the last 3 years)

Your assessment options are the following:

Self-assessment – One or more of the financial service provider’s internal staff will review all the documentation, interview all department managers and field staff, and meet with clients, to provide an opinion on where the organisation stands towards compliance with each indicator.

Accompanied self-assessment by a qualified auditor – The first time an entity gets an assessment, it is often useful to have a consultant helping them to fill out the tool, understand the rationale of the indicators, and thus have more accurate results. The collaborative aspect of this process helps the institution take ownership of the expected practices and builds familiarity so they can do the work entirely on their own in future years.

External assessment  – In this case, the consultant who conducts the assessment brings an objective and expert opinion on the organization’s policies and practices. This option is generally useful if the financial service provider wants to prepare for a certification. The consultant does not need to be a qualified auditor. Read more about experts here.

As with all our resources and initiatives, there is no fee to access the Client Protection Pathway. Only through collective action can we safeguard the stability and vitality of financial services. No single provider can do this alone and we urge global participation from all stakeholders.

SPTF does rely on membership contributions to maintain our programs. Find out more about our modest membership fees here.

In 2023, we piloted tested the DFS Standards. In 2024 we updated and finalized the DFS Standards based on the pilot test results, created the evaluation tool in French, Spanish, and English, and are in the process of writing the scoring guide and training assessors. We have also begun the analysis of which of the DFS Standards should be classified as client protection practices, and at what level (i.e., entry, progress, or advanced) and expect to finalize that work in 2025. Stay up to date by visiting the Digital Financial Services Working Group webpage

The Client Protection Standards are fully integrated into the Universal Standards. FSPs that want to focus more on the client protection portion of SPM may choose to use the Client Protection Standards which consist in the “do no harm” approach. 

Yes. The entire CP Pathway is targeted toward FSPs. However, Cerise+SPTF welcomes the support of investors, funders and regulators.

As a funder, you may want to encourage your investees to join this pathway, and maybe also make it a requirement in your loan agreement. To demonstrate this commitment, you can sign the Joint Statement supporting the industry’s adoption of the Client Protection Pathway.

Client Protection Certification and other Third-Party Validations FAQ

Third-party validation refers to an impartial evaluation conducted by an external entity to openly assess and verify the performance and compliance of an organization with the Cerise+SPTF client protection standards.

Examples of third-party validations include an external client protection assessment (as distinct from a Step 2 self-assessment or accompanied self-assessment) or a certification.

Certification is one form, the most rigorous form, of third-party validations.

There are 2 ways of getting a third-party validation.
A. CP certification conducted by a company with an independent certification committee or
B. Third party validation conducted by a team of two individuals with at least one CP qualified auditor.

Both are conducted by qualified experts, who are independent of the organization being assessed, ensuring impartiality and thorough analysis.
Both serve the objective of demonstrating your performance and compliance with the Cerise+SPTF client protection standards.
The key difference is that a Certification involves the additional step of discussion and decision by an independent certification committee, usually leading to a formal recognition in the form of a certificate.

Determining which third-party validation to pursue depends on various factors that the FSP should consider, such as :

  • the specific goal sought
  • the level of credibility and recognition required
  • the available budget compared with the expected comprehensiveness of the analysis
  • the expectations and preferences of stakeholders such as clients, investors, regulators, and partners.


Cerise+SPTF recommends that the selection of third-parties be undertaken carefully, with attention to the proposed providers’ reputation and their specific expertise in client protection. To help stakeholders in their selection process, we have established recommended Guidelines for third-party validations.

First, they should make sure that they are ready for that process by getting familiar and self-assessing with the Client Protection Full framework. Then they should contact several third parties to request proposals, and should then evaluate those proposals in particular for their alignment with the Cerise+SPTF guidelines. Please note that certification is a product offered by organizations such as rating agencies. Individual consultants may be a good choice for other forms of third-party validations such as external assessments or social audits, but third-party individuals will not issue a seal or a certificate.

Cerise+SPTF has published some Guidelines for stakeholders who wish to contract a third party for an external assessment of client protection practices. Stakeholders should carefully read the third party’s technical proposal to ensure it is aligned with these guidelines. If you wish to receive a second opinion on the alignment of your third-party validation with Cerise+SPTF framework, we offer this service for a fee. You can request this directly from your third-party entity or contact us at cppathway@sptfnetwork.org.

Definitely not! The CP Standards remain, and are all the more relevant as we focus on our core mission to support FSP in their road to improvement. The CP Pathway is the key resource to set this roadmap and we will continue to promote those FSPs who are engaged in advancing client protection.

On this page, you’ll find a public downloadable list of all qualified auditors. Being qualified means that an individual has gone through the three levels of training developed by Cerise+SPTF, including a real case audit, in the field, with supervision and individual coaching by one of our experts.

We encourage selection of CP qualified auditors because they have been specifically trained to align with the methodology and framework of the certification standards. The CP qualification program is still new (introduced in 2023), and the pool of CP qualified auditors is growing steadily. You can pick an SEPM qualified auditor as well (remember that CP Standards are fully incorporated in the USSEPM), ideally requiring that she/he has completed the Level 2 – Go Deeper on CP course.

The third-party organization will deliver its own certificate, without the Cerise+SPTF logo. As noted above, please remember that certification is a product offered by organizations such as rating agencies; third party individuals will not issue a seal or a certificate.

Any organization who has commissioned a third-party validation (e.g., a financial service provider or an impact investor who funds that FSP) can commission Cerise+SPTF to provide a second opinion (fee-based service).

Based on the information provided, Cerise+SPTF will review the validation file to evaluate whether the team followed our recommended framework and whether, in our opinion, the conclusions that team reached were justified.

IMPORTANT: We issue our opinion based on a desk review of information provided. We do not go on-site, talk to the FSP or read its documentation. We do not and cannot guarantee the reliability of that information. Our review does not verify the accuracy of the findings, it only verifies the alignment with the CP framework.

Certified FSPs can and should report their certification to the CP Pathway by filling out this form. Their level of achievement will then appear on the list of institutions on the CP Pathway. 

Those FSPs are under review by their respective rating agencies, under the agencies’ own agenda. These agencies will be the ones granting a decision on these certificates.

Implementation Series

We encourage all financial service providers on the Pathway to implement better practices by learning about critical client protection topics covered in our Implementation Series. Signing up to the Client Protection Pathway signs you up to the series. 

Communications Materials

When you join the Client Protection Pathway or sign the Joint Statement, you may want to let your partners know. Our Communications Materials provides suggested key messages and other helpful information. 

The CP Pathway Fact Sheet provides an overview of the the three steps of the Client Protection Pathway.  

The CP Standards Fact Sheet provides an overview of the key components of the Client Protection Standards.

Resource Center

Cerise+SPTF maintains a library of resources related to client protection, as well as social and environmental performance management. Check them out.

For Special Circumstances

Client protection self-assessments now take place via our SPI Online portal, launched in 2023. Should connectivity or other issues prevent you from working via SPI Online, you can download the final version of the Excel-based Client Protection Self-Assessment Tool, and work on your local drive. Please be aware that it will not be possible to transfer such Excel-based information into SPI Online after the fact, and that this option should be reserved for extraordinary circumstances.

Client Protection Assessment Tool

Click to download the updated version of The Client Protection Self-Assessment Tool (CP SAT v3.4.0), a tool to evaluate your organization’s performance against the Client Protection Standards v3.0.