Introduction

The Banking sector worldwide is undergoing major changes and the key drivers of these change are You and I. In today's world (described as the Experience Economy by Pine and Gilmore, Harvard Busines Review 1998), we all want easier, seamless and personalised digital banking experiences.

One way banks in the United Kingdom and other countries are meeting this need is with the use of Open Banking. Open Banking is the banking practice that grants third-party financial service providers access to consumer banking transactions and financial data through the use of Application Programming Interfaces (APIs). Such access must be only to the extent approved by customers.

It is expected that with Open Banking, customers would: (i) view and manage their various bank accounts from one centralized location; (ii) grant easy access of account information to creditors when applying for a loan rather than gathering reports from various banks; (iv) have easier accounting processes; and (v) enjoy competitive banking rates, amongst other benefits.

In view of the foregoing and with a view to enhance financial inclusion, improve competition in the financial services space and promote efficient services, the Central Bank of Nigeria (CBN) on the 17th day of February 2021, issued the Regulatory Framework for Open Banking in Nigeria ("Framework").

In this article, we have highlighted some of the key provisions of the Framework.

1.Scope – The Framework applies to banking and other related services including: (i) payments and remittance services; (ii) collection and disbursement services; (iii) deposit-taking; (iv) credit; (v) personal finance advisory and management; (v) credit ratings/scoring; (vi) leasing/hire purchase; and (vii) mortgages.

2.The Participants – The Framework regulates the following 4 Participants in Open Banking: (i) The Providers (who use API to provide data or a service to another participant); (ii) The Consumers (who uses API released by the providers to access data or service); (iii) The Fintech companies (they may be Providers or API Users; in such instance, they assume the responsibilities of the role they play at any point in time); (iv) the Developer Community (individuals and entities that develop APIs for participants based on requirements). The responsibilities of each of the Participants are set out in the Framework.

3.The Regulator – Though not listed as a Participant, it is pertinent to note that the CBN is the primary regulator of Open Banking in Nigeria. The CBN is to be responsible for the maintenance of an Open Banking Registry and the development of the Common Banking Industry API Standards. These Standards are to be developed within 12 months of issuance of the Framework.

4.Categories of Financial Data that can be shared through APIs – The Framework divides data and services that can be shared through APIs into four broad categories and defines the risk level associated with each category.

S/N Data and Service Category Risk Rating Participants who can access this data
i. Product Information and Service Touch Points – includes data on products provided by Participants to their customers and the access points e.g. ATM/POS/Agents locations, website/app addresses, fees, rates etc. Low All Participants (including participants without licences and those in the CBN Sandbox).
ii. Market Insight Transactions (MIT) – this includes data exchanged for the purpose of gathering statistics of products, services and segments. Such information must not be associated to any individual, customer or account. Moderate All Participants (as above).
iii. Personal Information and Financial Transaction (PIFT) – this includes data at an individual customer level either on general information on the customer (e.g., KYC data, total number of accounts held, etc) or data on the customer's transaction (e.g., balances, bill payments, loans, recurring transactions on customer's accounts, etc). High These can be accessed by Participants in the CBN Sandbox; licenced Payment Service Providers and other financial institutions; and Deposit Money Banks.
iv. Profile, Analytics and Scoring Transaction (PAST) – this includes data of a customer that analyses, scores or gives an opinion on the customer e.g., credit score, incoming ratings etc. High and Sensitive These can only be accessed by licenced Payment Service Providers and other financial institutions; and Deposit Money Banks.

5.Customer Protection – The implementation of Open Banking is hinged on the explicit consent of the customers/end users of financial products. The Framework mandates Participants to obtain the consent of customers in the customer's preferred language and to ensure the security of financial data of such customer.

6.Liability for Misuse of Data – Participants and their partners would be jointly liable for any loss occurring to the customer as a result of data sharing; save for where the Participant can prove wilful negligence or fraudulent act against the customer.

Conclusion

As earlier stated, there are various benefits attributable to Open Banking including more ease in banking transactions. There is, however, a major risk of data breach or the misuse of consumer data. It is imperative that data protection regulations are properly implemented in Nigeria to avoid grave financial losses to consumers.

Data Protection Compliance Organisations and Legal Advisers1 will be expected to play a major part in supporting Participants and regulators in protecting consumers, as Open Banking develops in Nigeria.

Footnote

1. To read about data protection services, please visit our website at https://pavestoneslegal.com/

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.