REGULATORY FRAMEWORK FOR OPEN BANKING IN NIGERIA
*Reviewed 30th August 2021*
There has been measurable improvement and advancement in the global finance sector as a whole over the years and Nigeria has not been left out of this rapid development. The investments into technology and disruptive process to facilitate an easier and more effective financial sector have run into billions of dollars. Although these improvements are innovative and useful at the same time, the thirst for more advancement seems to increase with every new bold step.
Nigerian financial service providers have made strides in areas of risk management, cybersecurity, internet banking and payments to mention a few, however, there seems to be a quest to totally overhaul the banking system with digital services, thus, banks always have to be on their toes and never stop research and development. One of the more pronounced introductions is open banking. You will also find my article on REGULATORY FRAMEWORK FOR CREATING USSD CODE TO EASE CUSTOMER PAYMENTS very enlightening.
WHAT IS OPEN BANKING?
Open banking is the use of technologies by third-party providers to build services and applications around financial institutions. It provides guidance on how these third parties can access and utilise customer data obtained by banks in a standard format to provide more open, transparent and competitive banking services.
This may seem like a whole lot to take in but in simple terms, it is basically a central system where customers can manage all their accounts and financial products. Thus, no matter the number of bank accounts or financial products a customer is using, it can all be accessed from one centralised system.
The possibility of this may be the first question that comes to mind, the simple answer is data. Data analysis and management have been big trends in recent years and access to data means there can be a shift from closed banking systems to the open banking system because data is shared between various players in the banking ecosystem with the authorisation of the customer.
STRUCTURE OF AN OPEN BANKING SYSTEM
One of the most important enablers for an efficient open banking system or model is the Application Programming Interface popularly referred to as APIs. An API is a software intermediary that allows two applications to talk to each other. What do these two applications or systems exchange? Data.
Not to go into the technical terms, APIs make it easy for software applications to communicate and access data from a server or database that is then made available to those who request it.
More popular ones that can immediately help with understanding are online payment platforms. When shopping or going through some online stores and a purchase is to be made, the buyer is redirected to a payment API for payment like Paystack or Flutterwave, those are private APIs that communicate with your bank and the bank of the seller of your card issuing bank and the receiving bank of the seller to ensure the payment process is buttery smooth.
For these APIs to work effectively for open banking, there has to be an existing framework and common standards that regulate the players in the system. An example of efficient standards that have been in place in the financial industry is debit and credit cards; no matter the bank that issues them, they work in the Automated Teller Machines (ATMs) and Point-Of-Sale (POS) Machines of any other bank.
Open banking is a collaborative effort to share banking data via APIs between the key players to create a better banking experience that meets the unique needs of every customer.
REGULATORY FRAMEWORK IN NIGERIA
In February 2021, the Central Bank of Nigeria (the “CBN”) released the framework for open banking in Nigeria. This framework promotes innovative third-party collaboration and the usage of API to achieve open banking in Nigeria and some of the major provisions include:
There is a range of banking and related financial services that the framework applies to while giving banks discretionary powers to include additional services. This is indeed good news in the event that banks choose to expand services using fintech companies but it is still discretionary and banks may choose to create their own systems.
To reduce the possibility of data breaches and other cybersecurity crimes like phishing, the exchange of data through API’s services have been divided into 4 main service categories based on the potential risk level of each service offering.
There are governance rules included in the framework that categorises participants and tiering them, examples are Deposit Money Banks and CBN Sandbox companies, which is based on their maturity level and service category. This will go a long way in tracking the data channels, ensure consumer protection and minimise cybersecurity risks.
The framework creates an open banking registry which is to be maintained by the Central Bank of Nigeria. All applications by participants to be registered within tiers are made to this registry. The existence of the registry will ensure an airtight system where certain security and other requirements have to be met before any participant is registered.
There are specific rules that developers of APIs must be guided by, this ensures a uniform set of standards and specifications are used across the board. The creation of the guiding principles will enable the CBN to develop common standards when integrating the software systems while also ensuring a better consumer experience and appropriate consumer protection.
There are provisions on the responsibilities and risk management of participants. Participants are divided into;
Providers who use API to avail data or service to another participant;
Consumers who use the API released by the providers to access the data or service;
Fintech companies who provide innovation; and
Developer communities that develop APIs for participants and the Central Bank of Nigeria.
The framework also makes provisions for a redress mechanism to ensure the protection of customers rights. All participants must observe the provisions of the Consumer Protection Framework of Banks when interfacing with customers. There are further provisions for data protection and consumer protections that state that all agreements must be plain and simple to understand in the customer’s preferred language and customer’s consent shall be obtained before specific rights are granted to the participants.
NIGERIA’S READINESS FOR THE OPEN BANKING SYSTEM
With some of the world leaders in tech innovation like the United States of America and the United Kingdom pushing for the adoption of the open banking system actively. Many countries like Nigeria will immediately feel the pressure to jump on this innovation train and also pass open banking measures. However, the risks, challenges and benefits are still being weighed and a quick inconsiderate jump could potentially raise threats. Open banking provides a number of benefits which include:
Access to data and proper analysis will help organisations understand consumer financial behaviour and trends. This can be used extensively in weighing probabilities to defect on a loan, financial positions, risk appetite, spending behaviour and other data that can be used to create better products.
Consumers can get access to their own data and better understand their financial positions and spending trends that can help make better financial decisions overall.
It helps to drive innovations as the availability of bank data can be the key to unlocking advancements in the financial sector.
These benefits indeed are groundbreaking, but the question of Nigeria’s readiness is a relevant one in the adoption of this system. With the benefits listed come consequences. They will be discussed below but for the Open banking system to function effectively, there needs to be a foolproof data protection system in place as most of the unintended consequences of adopting the open banking system border around data breaches:
Increased number of data breaches, fraud and phishing as a result of frequent data sharing between participants.
Reduced financial accessibility as low credit quality customers are more easily identified and low net worth customers which will lead to exclusion from some facilities from financial institutions.
Increased capital/funding issues due to deposits moving rapidly between different banks.
THE FINANCIAL SECTOR ADOPTING THE SAME API STANDARD FOR INTEGRATION
The Nigerian banking industry, under the regulation of the Central Bank of Nigeria, has a history of collaboration to create impactful standards across several banking activities. Examples include the Nigeria Uniform Bank Account Number (NUBAN), Bank Verification Number (BVN) and NIBSS Instant Payment (NIP).
These standards have driven the expansion and security of the payment ecosystem, landing Nigeria a position in the top five attractive countries for foreign direct investment in Africa.
As noble as these efforts have been, the integration standard between banks has not been addressed leading to a complex integration landscape across the industry. If banks adopt a uniform API standard, there would be more seamless integration with the Fintechs leading to cheaper operating costs and enhanced customer experience.
For regulators and the government, the importance of open banking in improving the ease of operating businesses in Nigeria and attracting foreign investments cannot be over-emphasized. Thus, they feel a pressing need to immediately implement this system. The creation of the Framework is a welcome step, however, there needs to be proper scrutiny of more advanced uses of the system by other countries to better create an atmosphere that best suits Nigeria’s financial space.
A call for better implementation of data protection and consumer protection has to be made as the entirety of the Open Banking system is fueled by data. Proper implementation will inevitably improve the ease of doing business in Nigeria thereby attracting even more foreign investments into the country. It will further expand the sources of revenue for the third-party companies and facilitate wider financial inclusion. For a better appreciation of the significance of data privacy and protection, you can see my article on A Website Owner's Guide to Data Privacy and Protection in Nigeria.