Within the last seven years, the Central Bank of Nigeria (CBN) has been working tirelessly in implementation of open banking. It has also established various regulations that are focused on enhancing activities in the financial industry and open banking. The essence of these efforts by the CBN is to execute its role of maintaining financial stability in Nigeria. This is a duty which helps to achieve through financial inclusion, improvement of accessibility to relevant data in the industry, increment of existing trust in banker-customer relations, and others.
On March 7, 2023, the Central Bank of Nigeria made an issuance of the Open App Operational Guidelines. This action made Nigeria the first African country to issue these guidelines. This form of banking is a system that permits Third Party Providers (TPP) access to banks and Non-Bank Financial Institutions’ (NBFI) consumer financial data with the aid of Application Programming Interfaces (API). Customer financial information accessibility will easily enable provision of services by TPP and directly to customers, making the process easier.
CBN gives data oversight & open banking information assets.
Through the Open Banking Registry (OBR), the CBN will coordinate activities of the major players currently in Nigerian industries. The OBR will ensure the provision of regulatory oversight on participants, enhancement of transparency in operations, and operation of only registered institutions within the current ecosystem. In data governance, the CBN is expected to give data oversight and ensure information assets for participants in the banking arrangements for compliance with the relevant legal and regulatory provisions.
The regulations identifies the need for maintenance of a Data Governance policy by all APs/ACs. This policy requires approval either by their Committee of Board of Directors or their Executive Management Committee. This policy ensures proper management of every aspect of the data and fulfillment of legal and regulatory requirements. The Data governance policy must have a clear approach towards collecting, collating, analyzing, sharing and retrieving customer data in accordance with extant Laws and Regulations.
New guidelines focus on consent of customers.
Also, the CBN Operational guidelines designed for open banking identify the need for APs/ACs to enact proper measures to ensure their cyberspaces security. The APs/ACs are to ensure entrenchment of an appropriate risk management regime; security of configuration management system. It is also responsible for ensuring secured network for all connections; ensuring proper management of access rights and privileges of users; conduction of user education and awareness; and deployment of malware prevention and detection tools.
Very importantly, the Open Banking Guidelines are more concerned about the consent of customers whose data are being shared. Consequently, the regulators were efficient enough to enact regulations that make sure of a reasonable standard required of major participants. In the eleventh paragraph of the guidelines, requirements are set to ensure obtained valid consent of the customer. It highlights data to be collected from the ACs by the customers. They include legal and full name of the AC; and shortened or brand name of the AC in other situations.
APs/ACs to develop a data breach policy and procedure.
To ensure efficient safety of customers’ data, there are major provisions by the CBN such as Cybersecurity Breach Incident Reporting and the newly introduced Incident Reporting Portal. The incidents contained in the Guidelines are ones that affect the participants, operations and the systems, and may be determined through relevant regulations and guidelines by the Central Bank of Nigeria. Development and implementation of a data breach policy and procedure, and a data Incident Management Procedure are required from the APs (Provider)/ACs (Consumer).