Financial system operators in the country are on the higher level of competition as the Central Bank of Nigeria (CBN) issues operational and governance rules on open banking (OB).
The document, released yesterday, could potentially increase customers’ concerns about data safety, privacy, and management. But the guidelines, in principle, encapsulate a robust framework for ensuring the consumers are protected.
Open banking refers broadly to data sharing by operators of the financial system in providing innovative products and services to the market.
The CBN guidelines specify the roles, responsibilities, and rights of different service providers as well as the processes involved in the chain of exchange.
“The Regulatory Framework for Open Banking in Nigeria established principles for data sharing across the banking and payments system to promote innovations and broaden the range of financial products and services available to bank customers. As a result, open banking recognises the ownership and control of data by customers of financial and non-financial services, and their right to grant authorizations to service providers to access innovative financial products and services. “Open Banking applicability includes Agency Banking, Financial Inclusion, Know your customer (KYC), credit scoring/rating, etc. These Guidelines are anticipated to drive competition and improve access to financial and payment services. Participants in open banking shall adhere strictly to security standards when accessing and storing data, and shall be subject to minimum privacy, operational, customer experience, and risk management standards as prescribed by the Bank,” the regulator noted in its introduction.
Critical to the governance framework is the proposed Open Banking Registry (OBR), a public repository for details of registered participants to be managed by the CBN.
According to the document, OBR would provide regulatory oversight on participants, enhance transparency in the operations of OB and ensure that only registered institutions operate in the ecosystem.
“Each participant shall be identified by its CAC business registration number, which shall be the unique key across the OBR system. The OBR shall maintain an API interface, defined within these guidelines, which shall serve as the primary means by which API (Application Programming Interface) providers manage the registration of their API consumers,” the CBN disclosed.
Besides the CBN, the Nigeria Data Protection Regulation and the Corporate Affairs Commission (CAC) will be critical to the enforcement of the rule-based interface among the participants and data owners. They will be overseeing compliance with data governance rules and API providers who are expected to act responsibly.
On data governance, the regulation states: “The Bank shall provide data oversight and governance for open banking information assets for participants in the open banking arrangement to ensure compliance with relevant legal and regulatory provisions.
“Notwithstanding the provisions, all participants shall be guided by all extant laws relating to data protection, consumer rights, and fair practices. Participants shall ensure that customer-permission data is accurate, up-to-date, and complete in data exchanges.”
The 67-page regulation also covers thematic areas such as consent management, data access rules, key performance indicators (KPIs), anti-competition rules, data ethics, data privacy, shared information framework, data verification process, and information security.
The Central Bank said the era would deepen the country’s financial inclusion and create incentives for the development of relevant financial service technology.
Even before the unveiling of the framework, data privacy, breaches, and security had become a tense issue with some financial service providers being accused of violation of rules.