On March 7, 2023, the Central Bank of Nigeria (“CBN”), in line with its mandate to ensure the stability of the financial system in Nigeria issued the Operational Guideline for Open Banking in Nigeria.
Open banking is the banking practice that provides third-party financial service providers access to consumer banking, transactions, and other financial data from banks and non-bank financial institutions using Application Programming Interfaces (APIs). The APIs serve as a medium for requesting and sharing customer data.
Whether in Nigeria or another nation, open banking creates an avenue for financial and non-financial companies to easily share information about their customers, with the customer’s permission, to make more useful and competitive services available to customers.
The Guidelines establish principles to regulate data sharing across banking and payment systems to broaden the range of financial products and services available to bank customers.
Notable Provisions in the CBN Guidelines For Open Banking
1. Stakeholders
The categories of participants involved in open banking are categorised into:
a. The API Providers
This refers to a participant that uses API to avail data or services to another participant. An API Provider can be a licensed financial institution/service provider, a Fast Moving Consumer Goods (FMCG) Company or other retailers, Payroll Service Bureau, and so on.
b. The API Consumers
This refers to a participant that uses API released by the (API) providers to access data or services. An API Consumer can be a licensed financial institution/service provider, an FMCG or other retailer, a Payroll Service Bureau, and so on.
c. Customers
This refers to the data owner who shall be required to provide consent for the release of data to access financial services. It is imperative to note that the CBN shall establish an Open Banking Registry which amongst other functions, shall be maintained to provide oversight over the various participants in open banking. The Open Bank Registry serves as a repository by which API providers manage the registration of their API consumers.
2. Nexus between Data Privacy and Open Banking
The concept of Open Banking deals mostly with the accessibility of consumer data across different financial and non-financial institutions. It is therefore pertinent to consider the measures established to protect consumers’ data. The Guidelines provide that the CBN shall provide data oversight and governance for open banking information assets for participants in the open banking arrangement to ensure compliance with relevant legal and regulatory provisions. In addition, all participants shall be guided by all extant laws relating to data protection, consumer rights, and fair practices.
Similarly, to safeguard consumer information and ensure data privacy, banks need customer consent before sharing their data with API providers or other users. This ensures customers remain in control of their data and how it’s used.
The Guidelines create four categories of data that can be exchanged using APIs. It also gives a risk category to each of the categories;
i) Product Information and Service Touchpoints- PIST (low-risk)
ii) Market Insight Transactions – MIT (moderate risk)
iii) Personal Information and Financial Transaction – PIFT (high-risk) and
iv) Profile, Analytics, and Scoring Transaction – PAST (high and sensitive risk)
The Nigeria Data Protection Regulation (NDPR) is the foundational pillar for data privacy in Open Banking. The Guidelines provide that the different categories of participants shall protect personal and transactional data against data loss, theft and breach in line with regulations such as the NDPR and/ or any data protection regulation issued by the Bank and implement clearly defined data retention and destruction policy(ies) in line with CBN Guidelines and the NDPR.
3. Dispute Resolution in Open Banking
As is common with the use of goods and services, dispute is inevitable. The Guidelines provide that the participants in open banking (API provider/consumer) shall develop customer complaint channels for reporting time-sensitive issues and lodging complaints. Customers also have the option of escalating complaints to the Consumer Protection Department of CBN.
Leading the Way
Nigeria is now the first African country to issue open banking Guidelines. These Guidelines are a step in the right direction and the implementation of the Guidelines will foster progress in the financial sector of Nigeria. It would usher in a new system of financial innovation and financial inclusion in Nigeria and Africa as a whole.
