Recent times have seen an increase in consumer lending by fintech companies whose businesses are primarily the provision of personal loans to Nigerians. The digital lending space has not only liberalized access to (often) uncollateralized financing by micro-business and consumer borrowers, it has also helped to deepen financial inclusion, provided an opportunity for individual borrowers to build their credit ratings, as well as giving them an opportunity to access further credit on better terms as the need arises.

Digital lending in Nigeria has however come with its challenges. As the loans are mostly unsecured, some digital lenders pursue quite unorthodox debt collection strategies that often result in abuses of personal data and consumer protection, as well as actions which border on the tort of defamation under Nigerian law. For instance, because digital lenders – through their mobile applications – already have access to certain data points on the mobile devices of their borrowers, some digital lenders send threatening messages to the telephone contacts of the borrowers. In some instances, digital lenders go on to inform telephone contacts of their defaulting borrowers via text messages that the borrowers are wanted by law enforcement agents or that the defaulting borrower is a person living with a terminal disease.

Regulators have frowned at these practices and in at least one instance, the National Information Technology Development Agency (NITDA) (now known as the Nigerian Data Protection Bureau) has sanctioned a digital lender for privacy invasion and failure to protect the personal data of its customers as required by the Nigerian Data Protection Regulation (NDPR). The offending digital lender was fined over US$20,000 by the NITDA.

In November 2021, the Federal Competition and Consumer Protection Commission (FCCPC) alongside 5 other state agencies, set up a regulatory and enforcement task force to investigate practices considered to be violations of human rights in the digital lending space.

These investigations have led to sustained raids on the physical locations of digital lenders implicated in the FCCPC's investigations for abuses. To further stem the tide of identified abuses, in August 2022, the FCCPC issued the Limited Interim Regulatory/ Registration Framework and Guidelines for Digital Lending, 2022. The Interim and Regulatory/Registration Framework is the FCCPC's approach to regulating the digital lending space and making provisions for the requirements for approval and registration to carry on the business of digital lending in Nigeria. The Interim and Regulatory/Registration Framework contains two forms (Form DLG 001 and Form DLG 002).

While Form DLG 001 contains a suite of disclosure points to be made by digital lenders, Form 002 is in the form of a declaration confirming the completeness and accuracy of the responses provided in Form DLG 001 and compliance with Federal Competition and Consumer Protection Act, 2018; the Nigeria Data Protection Regulations, 2019; as well as the Central Bank of Nigeria's Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT).

The FCCPC has provided a checklist of documents to be submitted for registration and approval of digital lenders to include:

  1. A certified copy of the certificate of incorporation of the digital lender;
  2. Evidence of compliance with Form DLG 001 – FCCPC Interim Digital Lending Guidelines Form;
  3. Terms of use;
  4. Privacy policy;
  5. Code of conduct;
  6. Any and all previous defamatory messages sent to customers and any and all new templated messages;
  7. Proof of disciplinary action against erring staff;
  8. A brief description of the business and where relevant, their groups;
  9. Organogram showing the role players, and location of key role players and any operational approving authority;
  10. Name and address of a person within the business who is authorized to accept all the correspondence and accept service on behalf of the business;
  11. Evidence of membership of any trade or professional associations;
  12. Any service level agreements with any service providers with respect to operations but excluding administration;
  13. Proof of tax payments or tax waivers where applicable.
  14. Evidence of all applicable fees associated with service.
  15. Evidence of compliance with Form DLG 002 - Declaration for Digital Lending Businesses in Nigeria.

Further to the requirements highlighted above, the FCCPC requires digital lenders to obtain a data privacy audit report from the Nigeria Data Protection Bureau and submit the report to the FCCPC. However, a conditional approval may be granted, pending when the audit report is obtained from the Bureau and submitted to the FCCPC.

Conclusion

The FCCPC has shown its readiness to enforce the Interim and Regulatory/Registration Framework. On its website, it has published a list of digital lenders who have obtained full or conditional approvals. Payment gateways used by most digital lenders have been mandated by the FCCPC to demand the registration and approval of the FCCPC from digital lenders as a pre-condition to continue to provide their services. More recently, following updates to its developer program policy, Google Play has requested digital lenders to provide evidence of their compliance FCCPC requirements within 30 days from November 16, 2022. Needless to say, non-compliance may result in the removal of the applications of non-compliant digital lenders from Google's play store.

Originally Published 25 November 2022

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.