ARTICLE
5 May 2023

Acquiring Central Bank Of Nigeria Regulated Entities – The Core Of The Deal

Ai
Andersen in Nigeria

Contributor

Andersen in Nigeria logo
Andersen in Nigeria is the Nigerian member firm of Andersen Global. We are an independent tax and advisory services firm with a worldwide presence through the other member firms and collaborating firms of Andersen Global. The firm consists of professionals with many years of experience in taxation, transactional, transfer pricing, accounting and business advisory services both at local and international levels.
The CBN has specific requirements for the various categories of its licences.
Nigeria Finance and Banking

By Bukola Bankole and Deborah Tatama, TNP, Lagos

The Central Bank of Nigeria (the "CBN") puts the 'R' in Regulation when it comes to the entities it regulates. This is how the CBN keeps its eyes on the ball in regulating the activities of banks and other financial institutions (the "Regulated Entities(y)"). From Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) policies, cybersecurity, restructuring, and more, the CBN seems to want to be aware. Beyond knowing, the CBN is interested in approving significant steps Regulated Entities take. To us, the CBN is like an African parent, who wants to oversee the affairs of its child and append its stamp of approval when that child is making a major life decision – career (products) or relationships (partnerships, mergers, acquisitions, and other restructuring deals).

Acquiring a Regulated Entity is an uphill task, not only because of CBN's overarching presence throughout the process, but more because of the enormity of the financial risks to the acquirer post-closing. That said, beyond regular matters any buyer should look out for in a merger & acquistion (M&A) transaction, acquiring a Regulated Entity begs the buyer to consider other significant issues. This is owing to the fact the transaction involves the acquisition of a company or assets primarily dedicated to highly regulated activities backed by licences and authorisations that can be suspended or even revoked. Consequently, it is necessary to allocate sufficient resources, time, and attention to assessing the risks a buyer may be exposed to.

We will attempt to give a brief overview of considerations to be kept in mind in M&A transactions that feature Regulated Entities and discuss some risk mitigation strategies.

Special Considerations when Acquiring Regulated Entities

Approvals

Closing a deal featuring a Regulated Entity requires the approval of the CBN. According to Section 7 of the Banks and Other Financial Institutions Act (BOFIA), the CBN Governor must give his consent before any agreement or scheme of arrangement resulting in a change of control or a transfer of significant shareholding in a Regulated Entity can be concluded. A contravention of this provision will void any related deal, and the transfer of any interest from the seller to the buyer will be ineffectual, except it is subsequently ratified by the CBN. This sort of contravention further exposes the Regulated Entity to a penalty of ₦20, 000, 000.00 (Twenty Million Naira) upon conviction, and the sum of ₦500, 000.00 (Five Hundred Thousand Naira) for each day the contravention continues. This is a risk the parties to the transaction do not want to be exposed to.

There is also an additional hurdle for some Regulated Entities seeking any other CBN issued licence as the CBN by its circular of 9 December 2020 on the New Licence Categorizations for the Nigerian Payments System (the "Circular"), specifies that licenced payment companies identified as Mobile Money Operators; Switching and Processing companies; Super-Agents; Payment Terminal Service Providers; and Payment Solutions Service Providers seeking any additional licence; must obtain a "no-objection" from the Payments System Management Department (PSMD) 1.

Licence Specific Requirements

The CBN has specific requirements for the various categories of its licences. Thus, a target's licence is the first step in determining the specific requirements a buyer should look out for when acquiring a Regulated Entity. These may range from minimum share capital requirements, compliance with the CBN AML/CFT regulations and other regulations on Know Your Customer (KYC) and Customer Due Diligence (CDD) requirements, compliance with the CBN Risk-Based Cybersecurity framework etc. That said, a birds-eye standard attention must be adopted when reviewing licence approvals, as well as the relevant circulars, guidelines, and frameworks applicable to the target. This is because the CBN periodically issues directives through circulars and regularly updates its guidelines and frameworks. For instance, the Regulatory and Supervisory Guidelines for Microfinance Banks (MFBs) in Nigeria (2012) limits the number of branches an MFB can operate depending on the class of licence held by the MFB. This indicates the need to confirm the MFB is operating within the scope of its licence with respect to the number of its branches. In addition, the BOFIA requires banks to obtain the prior approval of the CBN before changing the location of its branches. This informs the need to know both former and current branches of the MFB, and to confirm requisite approvals (where applicable) were obtained for each of these.

Data Protection Compliance

The Nigeria Data Protection Regulation (NDPR) 2019 contains specific data protection and privacy requirements for data controllers and processors. Typically, depending on the activity being conducted, the Regulated Entity alternates between the two roles. The fact is Regulated Entities, more often than not, process a mine of personal data. As a result, compliance with the NDPR should be top of mind for any Regulated Entity. These requirements include having a data protection policy, appointing a data protection officer, conducting periodic data protection audits, and filing returns to the Nigeria Data Protection Bureau, etc. There is therefore the need to ensure the target Regulated Entity is NDPR compliant and has adequate structures to prevent data breaches.

Cyber Security

Data protection and privacy is only assured where a company has best-in-class cybersecurity infrastructure to protect such data. The CBN Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) (the "Framework") sets the minimum standards and requirements to be implemented by all DMBs and PSPs in their respective cybersecurity programmes.

However, whilst one may find the cybersecurity framework adequate, it may not be foolproof. For additional protection, prudence dictates the buyer obtains relevant indemnities from the seller.

Operational Structures Required to Maintain the Licence

Some CBN regulations require several operational structures to be in place for the maintenance of a licence. This helps the Regulated Entity stay compliant with its obligations to the CBN. Some of these comprise having an internal audit unit, a compliance officer, a chief information security officer, an anti-fraud unit, a money laundering reporting officer, etc. The buyer needs to be aware if these structures are already in place. In the event they are not, it can decide on how the operational cost for establishing these structures would be managed.

Other Considerations: Some other key issues to consider are:

  • are there any incidents of non-compliance identified by the CBN during periodic audits and have they been remedied? Section 12 of the BOFIA enlists non-compliance with a CBN directive as grounds to revoke a licence.
  • are there ownership restrictions in the Company's Articles? Picture this – Company A just acquired Company B. This deal is regarded as one of Nigeria's largest fintech acquisition deals. Post-closing, after money has exchanged hands, Company A surprisingly discovers from Company B's Articles of Association – Company B can only be owned by members of a specific society. Unfortunately, Company A is not a member of the specified society! Wahala! Watch out for clauses that restrict ownership of a company to a defined set of people which may not include the buyer!
  • are the objects of the target in line with its permissible activities? The Circular specifies the need to limit the objects of payment companies to its permissible activities. 4
  • are the target's shareholders' funds at par with the minimum share capital requirement for the licence? Where this is not the case, the target runs the risk of its licence being revoked for non-compliance with its minimum share capital requirement. So here, a buyer must prioritise recapitalising the target. As we have seen in a few cases in fact, the CBN may require the recapitalisation done first, prior to approving the acquisition.
  • Material Contracts. You want to know that their products, activities, and partnerships are in line with their permissible activities.

Conclusion

After considering these key issues, an efficient step would be to categorize them into high risk, medium risk, and low risk.

High risk issues may include non-compliance with CBN directives and regulations, non-compliance with the BOFIA, ownership restrictions, and engagement in non[1]permissible activities. The penalties here are typically grounds for revocation of the licence, fines, or both. Given that high risk issues affect the core of the deal, the buyer must consider how the risks can be limited and whether the deal is worth closing.

On the other hand, medium risk issues such as non-compliance with data protection regulations, pending litigation (depending on the nature of the suit), pending tax liabilities etc., typically expose the target to monetary fines. Once these risks are identified, the buyer can decide which risks could be remediated as conditions precedent or subsequent and obtain relevant indemnities from the seller.

Finally, low risk issues are such that do not affect the core of the deal and can be remedied at the pace of the parties.

The core of the deal is, the buyer wants the licence. This makes it expedient to confirm the licence is valid and is being used in line with its regulator's directives. Like every major life decision, duty calls to have clarity and comfort in taking that next step. The buyer must have clarity and confidence with the status of the licence, which gives the comfort needed in taking the next steps.

Footnotes

1. Note that non-compliance with a CBN directive is a ground for licence revocation Section 12 BOFIA.

2. Section 6 BOFIA

4. Backing that up, Section 12 of the BOFIA enlists carrying out activities outside the scope of a licence to be a ground for revocation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Finance Law and Banking Law

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More