What is Nigeria's open banking operational guidelines about?

The Central Bank of Nigeria (CBN) on Tuesday, March 7, issued the operational guidelines for open banking in Nigeria, "in furtherance of its mandate for the stability of the financial system and pursuant to its role in deepening the system," Musa Jimoh, the Director of the CBN's Payments System Management disclosed in a statement.

According to Mr Jimoh, "the adoption of open banking in Nigeria will foster the sharing of customer permissioned data between banks and third-party firms to enable the building of customer-focused products and services."

Nigeria is now the first African country to issue an open banking regulation.

"The release of the final guideline is a culmination of a long journey for open banking in Nigeria. On June 1, 2017, a group of industry veterans, led by Adedeji Olowe, decided that Nigeria needs to lead with payments innovation and formed an open banking working group which ultimately became formalized as Open Banking Nigeria. The group engaged with banks, fintechs, CBN, and other international stakeholders," Open Banking Nigeria stated.

In February 2021, the CBN issued a circular to all Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) regarding the issuance of the Regulatory Framework for Open Banking in Nigeria. Later in May 2022, an exposure draft of the Operational Guidelines for Open Banking in Nigeria was released.

🏦
Typically, the perceived CBN's time for releasing guidelines is 18 months, however, we predicted that the open banking guidelines might have a slightly different timeline because of the department that is managing the process.

It is about ten months and the final draft of the operational guidelines is out.

In the introduction of the guidelines, the CBN says "open banking applicability includes agency banking, financial inclusion, know your customer (KYC), credit scoring/rating etc. These guidelines are anticipated to drive competition and improve accessibility to financial and payments services".

The guidelines also categorised the participants in the open banking into;

  • API Provider (AP)—a participant that uses API to avail data or service to another participant. An API Provider can be a licensed financial institution/service provider, a Fast-Moving Consumer Goods (FMCG) Company or other retailers, Payroll Service Bureau;
  • API Consumer (AC)—a participant that uses API released by the (API) providers to access data or services. An API Consumer can be a licensed financial institution/service provider, an FMCG or other retailer, Payroll Service Bureau and
  • The Customer—that is the data owner that shall be required to provide consent for the release of data for the purpose of accessing financial services.

At its core, open banking enables access; Access to bank customers and customer data for Fintechs by removing barriers to entry. The value of this concept rests on certain key principles including the promotion of a strong banking experience, financial services accelerators such as API gateways programmed in diverse ways to enhance banking needs and the provision of connectors to the core banking platform.

🗞️
In Nigeria, some of the early supporters of open banking in Nigeria were Sterling Bank, KPMG, PwC, EY, Paystack, Teamapt, Wallet Africa, and OnePipe. Other fintech companies like Mono, Switch, Lendsqr, Palmpay, Carbon and Trium also joined the coalition.

"It feels good to get this done for everyone trying to innovate in this difficult place and also for the countless people doing a thankless job driving financial inclusion," Adedeji Olowe, co-founder of Lendsqr and Open Banking Nigeria, wrote on LinkedIn.

Although sharing banking data is quite important towards the growth of the ecosystem, it does come with attendant risks. The regulation mitigates these risks and provides hedges for every player involved. The regulation creates four categories of data that can be exchanged using APIs. It also gives a risk category to each of the categories;

  • Product Information and Service Touchpoints (“PIST”)—low-risk information provided by participants to customers and information to access ATM locations, website addresses, charges, rates, etc.
  • Market Insight Transactions (“MIT”) is judged as a moderate risk. This is information on products, services, and segments. MIT data is not associated with an individual customer and is shared on an aggregate basis.
  • Personal Information and Financial Transaction (“PIFT”) is high-risk. This provides general information on the customer including personal data and transaction data.
  • Profile, Analytics, and Scoring Transaction (“PAST”) is rated as a high and sensitive risk. This is personalized scoring of customer data such as income ratings and credit scores.

The Data Protection Bill which was passed in 2021 to replace the Nigeria Data Protection Regulation 2019 will play a key role in the implementation of this latest regulation for open banking in the West African country.

Recall that, Nigerian president, Muhammadu Buhari in February 2022 approved the establishment of the Nigeria Data Protection Bureau (NDPB) to take charge of data protection enforcement instead of the National Information Technology Development Agency (NITDA).