1. To mitigate the cyber security and data privacy risks associated with open banking, the exchange of data through API's services have been divided into 4 main service categories based on the potential risk level of each service offering. The Framework goes further to include governance rules by tiering participants such as Deposit Money Banks and CBN Sandbox companies, based on their maturity level and service category. These provisions are most welcome as they ensure consumer protection through the ability to trace data lineage, thereby minimising the cybersecurity risks.
  2. As the general premise of open banking is based on financial institutions granting third-party access to their customer data, the Framework sets out a range of non-exhaustive banking and related financial services that the regulations apply to, while giving the Banks discretionary powers to include additional services. This is particularly exciting as the proposed collaboration between Banks and fintechs, will promote the growth of these companies by expanding the scope of their services, while demonstrating their innovation and entrepreneurship. Furthermore, once open banking is adopted, consumers will have access to affordable and personalised financial services, as banks and other wealth management fintechs, such as REACH, through the services of third-party institutions such as other fintech, pension and insurance companies, will be able to carry out in-depth due diligence on customers across all financial institutions.
  3. In February 2021, the Central Bank of Nigeria (the "CBN") released the framework for open banking in Nigeria (the "Framework"). In the Framework, the CBN demonstrates its commitment to enhancing inclusion in the financial services sector by actively promoting innovative third-party collaboration, using Application Programming Interface ("API") to achieve open banking in Nigeria.
  4. As consumer protection is imperative in open banking, the Framework contains detailed information on how applications should be made by participants to be registered within their tiers, on the Open Banking Registry to be maintained by the CBN. It is expected that these governance provisions will ensure that the participants' existing security measures are further improved to alleviate open banking threats. This provision is also important as the requirements help to create uniform standards, which constitute a pillar of open banking.
  5. To ensure that there is controlled and seamless flow of information between systems, the Framework provides specific principles and guidance that developers of APIs must adhere to. With these provisions, the Framework ensures that all services and applications are developed using similar API specifications as published in the Regulation. The creation of the guiding principles will enable the CBN to develop common standards when integrating the software systems whilst simultaneously ensuring better consumer experience and appropriate consumer protection. This also creates an opportunity for Fintech companies who, through their engineers, may create these APIs to be accessed by banks and other third parties.
  6. The Framework contains detailed information on the responsibilities and risk management of Participants. Participants are sub-divided into the following roles: providers who use 'API to avail data or service to another participant', consumers who use the API released by the providers to access the data or service, fintech companies who provide the innovation, Developer Community who develop APIs for participants and even the CBN. The provision of clear-cut roles and responsibilities makes it easier to accomplish the objectives of open banking.
  1. The CBN has also made some provision for the protection of customers rights through a redress mechanism within the Framework. At the base level, Participants must observe the provisions of the Consumer Protection Framework of the Bank when interfacing with customers. The Framework contains some data protection provisions by stating that all agreements must be simple to understand, in the customer's preferred language, and the customer's consent shall be obtained before specific rights are granted to the participants. Customers are also entitled to receive regular security updates but must comply with all security and authentication protocols. If the customer experiences any loss, the participant and its partner are jointly liable unless the participant can prove willful negligence or a fraudulent act against the customer.
  1. The creation of the Regulation couldn't be more timeous as it places Nigeria as a frontier market in implementing open banking in Africa. Through the inclusion of robust provisions geared towards customer protection and satisfaction, we are confident that open banking will improve the ease of doing business in Nigeria thereby attracting even more foreign investments into the country. It will also create further sources of revenue for the third-party companies whilst enabling financial inclusion.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.