Introduction

On Tuesday 7 March 2023, the Central Bank of Nigeria (the "CBN") in furtherance of its mandate of ensuring the stability of the financial system and deepening the financial system, announced the issuance of the Operational Guidelines for open banking in Nigeria (the "Guidelines"). The adoption of open banking in Nigeria is expected to foster the sharing of customer-authorized data between banks and third-party firms to enable the building of customer-focused products and services and ultimately enhance efficiency, competition and easy access to financial services in Nigeria.

It is particularly noteworthy that Nigeria is the first country in Africa to adopt a clearly stipulated open banking regulation. In this newsletter, we briefly highlight the key provisions of the Guidelines and examine its potential impact on the financial services industry.

What is Open Banking?

Open banking is a system which allows third-party application developers access to financial data held by banks, through the use of an Application Programming Interface ("API"). Let us assume you have a bank account. Open banking is a new way that banks can share your financial information with other companies through an API, if you give them permission to do so. APIs are mechanisms that enable two software components communicate with each other using a set of definitions and protocols. In rather simpler terms, APIs are methods through software systems "talk to each other". For example, let's say you have a budgeting app on your phone that helps you keep track of your spending. With open banking, you could give that app permission to access your bank account information so that it can automatically track your spending and help you budget better.

The concept of open banking is built around data. Data has assumed immense importance in recent times and financial institutions are reshaping their activities into a data-driven business as the phenomenon of digital transformation is rapidly changing the way technology impacts the financial industry. As a result, online financial services are enabled by offering third-party providers access to customers' personal data and bank functionality such that financial consumers no longer need to go to a bank to complete banking activities. It is entirely possible that the nature of a primary banking relationship changes as users do their banking with companies that are not banks at all. This is what is referred to as open banking.

Key Highlights of the Guidelines

1. Scope and eligible parties1

The Guidelines apply to banking and other related financial services as categorized and determined by the CBN. The Guidelines state that any organization that has data of customers which may be exchanged with other entities for the purpose of providing innovative financial services within Nigeria, will be eligible to participate in the open banking system. The Guidelines provide that such entities can operate under the following roles as participants:

  1. API Provider: a participant who uses API to provide data or services to another person/entity.
  2. API Consumer: an entity who uses API released by the API provider to access data or service.
  3. Customers: data owner that shall be required to provide consent for release of data for the purpose of accessing financial services.

2. Open Banking Registry

The CBN is required to create an open banking registry which shall serve as a public repository of all approved open banking activities and APIs available in Nigeria, providing regulatory oversight and ensuring that registered participants in the open banking ecosystem are listed and adhere to the Guidelines.2

3. Data Governance, Data Privacy, and Data Protection

Pursuant to the Guidelines, the CBN is expected to provide data oversight and governance for open banking and ensure compliance with the relevant legal and regulatory provisions.3 The Guidelines also mandate participants to comply with applicable data protection and consumer protection laws such as the Nigerian Data Protection Regulation or any data protection regulations for financial institutions issued by the CBN to protect customer data.4 The Guidelines emphasize the importance of ensuring that all parties involved in open banking employ the best possible data security practices as well as the recommended standards for technical data encryption protocols like the transport layer security, and more.5

In the same vein, the Guidelines highlight the importance of customer consent. It provides that consent shall be required from customers whose data are required to enable them access open banking products and services. The CBN recognizes that at the core of open banking is user's permission and without it, the banks, providers, and consumers of APIs cannot share or receive data. Consequently, the Guidelines makes salient points on the responsibility of each participant in the open banking ecosystem in ensuring that users are always made aware of:

  1. a request to access data or funds from their account(s);
  2. the nature of data to be shared and with whom; and
  3. the duration for which these parties will maintain access to the information.

4. Guidelines for engagement

The Guidelines provide comprehensive provisions for API providers and consumers. Under the Guidelines, API providers and consumers are required to execute Service Level Agreements between API providers and API consumers to govern the relationship between the parties.6 Furthermore, the Guidelines specify incident management procedures7 , key performance indicators8 , reporting and business continuity processes9 , amongst others for participants. Overall, the Guidelines sets out the responsibility and governance requirements for each participant in the open banking system.

5. Intellectual Property

The Guidelines state that all applicable intellectual property of the participants shall be protected under Nigerian law, and prohibit the unlawful acquisition of proprietary rights, title, or interest in or to any intellectual property rights of another party or any other participant pursuant to the participation in open banking in Nigeria.10

6. Dispute Resolution

The Guidelines provide adequate mechanisms relating to liability management, customer complaint, and redress management. Participants are required to detail in their respective Service Level Agreements, comprehensive dispute resolution processes including timelines for resolution. The CBN through its consumer protection department is expected to act as an arbiter in the event that parties are unable to reach a resolution. It is important to note that the provisions of the Guidelines do not foreclose the rights of an aggrieved party to resort to other means of dispute resolution.

Looking Forward: Potential Impact

According to data released by the Nigeria Inter-Bank Settlement System, there are about 135 million active bank accounts in Nigeria distributed across various banks and institutions. Each of these accounts hold data points which create a financial profile of the account holder. The effective implementation of the Guidelines therefore has various benefits for consumers of financial services including allowing new players to enter the financial services market and expanding value chain within the financial services industry. The Guidelines also offer innovative products and services which increases competition and gives consumers more options to choose from.

In addition, open banking affords motivation for financial institutions to offer better products and services to retain and attract customers, thus benefitting consumers by providing them with improved financial products and services. Moreover, it can lead to lower costs for consumers, as it enables them to compare financial products and services in a more efficient manner and choose products and services that are most cost-effective for them.

As highlighted above, the Guidelines provide consumers with enhanced security and protection of their financial data, as it requires financial institutions and third-party providers to comply with strict security standards and regulations.

Conclusion

The Guidelines have the potential of transforming the way consumers access and use financial services, by providing consumers with more options, better products and services, and greater control over their financial data. With clear regulations now in place, we expect to see more financial technology startups leveraging the Guidelines to provide niche product offerings to service participants in the open banking ecosystem and the financial services sector at large. It also remains to be seen to what extent the CBN as the apex regulator will interfere with the process whilst ensuring the core principle of open banking which is the interoperability amongst banking, payment and financial service providers through APIs such that a consumer can authorize data sharing in order to enjoy some service outside of their financial institutions, is truly preserved.

Footnotes

1.Paragraph 4.0 and 4.1 of the Guidelines.

2. Paragraph 6.0 of the Guidelines.

3.Paragraph 6.2 of the Guidelines.

4. Paragraph 9.2 of the Guidelines.

5. See generally Appendix III (Security Standards) of the Guidelines.

6. Paragraph 8.1.2 of the Guidelines.

7. Paragraph 8.2.2.1 of the Guidelines.

8. Paragraph 8.3. of the Guidelines.

9. Paragraph 8.4 of the Guidelines

10.Paragraph 11.12 of the Guidelines.

11. Paragraph 12.0 of the Guidelines

12.https://nairametrics.com/2022/12/12/active-bank-accounts-in-nigeria-is-133-5-million-according-to-nibss/

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.