Open Banking in Nigeria and Emerging Opportunities for Fintechs and Financial Institutions

Fintech
2449 VIEWS
Proshare - Facebook Proshare - Twitter Proshare - Linked In Proshare - WhatsApp
Proshare

Saturday February 27, 202/ 11:50 AM / Davidson Oturu (Aelex) / Header Image Credit: Aelex


Proshare Nigeria Pvt. Ltd.


With the arrival of fintechs and other innovators on the banking scene, the way we bank and carry out financial transactions is constantly changing. Some of these developments led to considerations for the creation of a seamless system that would lead to the sharing of financial data through an open banking system.


These developments, facilitated by the European Union's Payment Services Directive (PSD 2), led to the creation of open banking on the global scene.

 

What is open banking?

Open banking forms part of the emerging areas within the fintech ecosystem and is presently in use in Europe, the United Kingdom, China, Japan and Singapore. 

 

It grants third-party providers (TPPs) open access to consumer banking, transactions, and other financial data from banks and non-bank financial institutions (NBFIs) through the use of Application Programming Interface (API).

 

With open banking, customers can share their financial data with different financial institutions. In order for this to be effected, the institution require the express consent of the customers. Open banking represents a shift from a closed model, where financial institutions operated in silos, to one in which data is shared between different members of the banking ecosystem with authorisation from the customer.


Thus, with open banking, fintechs and banks can communicate seamlessly through the networking of accounts and data across institutions for use by consumers, financial institutions, and TPPs.

 

Open banking will lead to a situation where regardless of how many accounts and financial products a customer has with multiple institutions, he can manage them from a centralised location without having to check out from one system to another.


For example, a consumer could have a bank account with Zenith Bank PLC, have a mutual fund account with ARM Investments and operate an account with a fintech like Piggyvest. When the customer wants to check his inflows and outflows from his different accounts, he will have to log into the separate platforms.

 

However, with open banking, the customer can seamlessly operate his investments and track his transactions on the three platforms from a centralised location through the use of APIs. The APIs can also look at the transaction data of the customer and identify the best financial products he can invest in that would yield better interest rates.

 

Importance of APIs to Open Banking

API is a software intermediary that enables technology platforms or applications communicate with each other. Some popular platforms that use APIs to accelerate the delivery of their services to consumers include Facebook, Google, Twitter and PayPal.


A banking API is an interface through which a financial institution provides data about customers, accounts and transactions. With a banking API, users of payment services will not be solely dependent on the direct services offered by their own bank. They can make use of third-party financial services, which, in turn, access the data required by the original bank via the banking API.


Some of the stakeholders that APIs in open banking are beneficial to include the following:


  1. Bank customers - APIs improve the customer experience, since customers can conveniently complete all transactions in the respective context and under one user interface. Also, the paperwork that would typically apply when running multiple transactions on different accounts would be minimised.
  2. TPPs in the e-commerce sector - With APIs, online providers can offer customers better services that include product selection and real-time arrangement of consumer credits.
  3. TPPs in the technology sector - technology providers whose solutions create interfaces to financial institutions and thereby create the technological infrastructure.
  4. Financial institutions - fintechs and banks will be able to expand their payment services ecosystem and onboard new customers through third party platforms.
  5. Fraud detection companies - APIs enable fraud detection companies effectively monitor customer accounts and identify problems as soon as they arise.

 

The Regulatory Framework for Open Banking in Nigeria

On February 17th, 2021, the Central Bank of Nigeria (CBN) issued the Regulatory Framework for Open Banking in Nigeria ("the framework").

 

The framework establishes principles for data sharing across the banking and payment ecosystem. It is aimed at promoting innovation, broadening the range of financial services and products, and deepening financial inclusion.

 

The framework applies to the following financial services1:

  1. Payments and remittance services
  2. Collection and Disbursement services
  3. Deposit-taking
  4. Credit
  5. Personal finance advisory and management
  6. Treasury Management
  7. Credit ratings/scoring
  8. Mortgage
  9. Leasing/Hire purchase
  10. Other services as may be determined by the CBN

 

The framework provides for several issues including data and API access requirements, principles for API, data, technical design, and information security specifications.


We will examine the provisions of the framework and its impact on the operations of banks and fintechs in Nigeria.

 

Guiding Principles for API Specifications

The framework sets out the guiding principles for API specifications2and provides that they shall adhere to the following principles or they will not be accepted:

       i.          Openness: accessible to all interested and permissioned parties

     ii.          Reusability: premised on existing standards and taxonomy of technology

   iii.          Interoperability: supports exchange of objects across technologies, platforms, and organisations

   iv.          Modularity: loose coupling with provision for flexible integration

     v.          Robustness: scalable, improvable, evolvable and transparent

   vi.          User-Centric: enhances user experience for consumers

 vii.          Security: ensures data privacy and safe exchanges and transactions

 

Participants

The framework classifies participants in open banking into 4 categories3 and each have their roles and responsibilities. It is noteworthy that participants are required to:

(a)    maintain a customer service/complaint desk on 24 hours/7 days a week basis to resolve complaints of end-users;

(b)  comply with data privacy laws and regulations; and

(c)  comply with the provisions of the framework

Some of the responsibilities are captured here with the description of the participants:

S/N

Participant

Description

Responsibilities

1)

Provider

A participant that uses API to avail data or service to another participant

a)    Publish the APIs and define requirements and technical guidelines.

b)    Define the data and services accessible through the APIs.

c)     Carry out Know Your Partner (KYP) due diligence on partner participants which shall include a comprehensive risk assessment on the partner participant duly singed off by the Chief Risk Officer before executing agreements.

d)    Ensure that the partner participant that owns the customer interface obtains consent of the end-user based on agreed protocols.

e)    Notify the partner participant of intention to terminate relationship within 48hours of breaching the risk thresholds.

f)       Notify the Bank of any terminated relationships with partner participants within 3 business days to update information in the Open Banking Registry where necessary.

2)

Consumer

A participant that uses API released by the providers to access data or service

a)      Execute a Data Access Agreement and Service Level Agreement with the Provider.

b)     Adhere to the requirements and guidelines set by the Provider.

c)      Obtain consent of the end-user on each action that may be performed on the account of the end user as specified by the provider.

d)     Cooperate with the Provider for the regular monitoring of its control environment.

3)

Fintechs

Companies that provide innovative financial solutions, products and services

a)      Ensure that it leverages API to innovate products and solutions that are interoperable.

b)     Avoid alteration of APIs published by provider without consent of the providers.

c)      Any Modification of published APIs shall be based on the provisions of Data Access Agreement.

4)

Developer Community

Individuals and entities that develop APIs for participants based on requirements.

 

a)      Execute service agreements with the partner participant outlining the participant's business requirement and technical guidelines.

b)     Employ secure coding and development standards and practices.

c)       Maintain strict avoidance of interaction with the production server of the partner participant.

 

 

Categories of Financial Data

Data and services that can be shared through APIs are categorised with their risk levels as follows4:

S/N

Category

Description

Risk rating

1

Product Information and Service Touchpoints (PIST):

 

includes information on products provided by participants to their customers and access points available for customers to access services e.g. ATM/POS/Agents locations, channels (website/app) addresses, institution identifiers, service codes, fees, charges and quotes, rates, tenors, etc.

Low

2

Market Insight Transactions (MIT):

Includes statistical data aggregated on basis of products, service, segments, etc. It shall not be associated to any individual customer or account. These data could be exchanged at an organisational level or at an industry level.

 

Moderate

3

Personal Information and Financial Transaction (PIFT):

Includes data at individual customer level either on general information on the customer (e.g. KYC data, total number or types of account held, etc) or data on the customer's transaction (e.g. balances, bills payments, loans, repayments, recurring transactions on customer's accounts, etc)

 

High

4

Profile, Analytics and Scoring Transaction (PAST):

Includes information on a customer which analyses, scores or give an opinion on a customer e.g. credit score, income ratings etc.

 

High and sensitive

 

Other relevant provisions:

  1. Risk management5 - the framework provides that this is the responsibility of all participants.  They are therefore expected to have (information technology, information security policies and a risk management framework that address APIs and also have a Designate a Chief Risk Officer who shall be responsible for implementing effective internal control and risk management practices.
  2. Customer Rights - the agreement that onboards the client must be presented in the customer’s preferred language and his consent must be revalidated annually.
  3. Liability for loss - Participant and its partner shall be jointly responsible and bear liability for any loss to the customer, except where the participant can prove wilful negligence or fraudulent act against the customer.
  4. Guidance on Operational Rules6 - Dispute resolution protocols among participants are to be codified for basic operational issues. Operational rules are to also discourage dominant party and anti-competition practices.

 

Our Takeaway

The CBN framework is quite comprehensive and if effectively implemented, could lead to remarkable changes in the banking sector.  The key points to note from the comprehensive framework is that the CBN has sought to provide standards for the safe utilisation and exchange of data and services and has defined data access levels (i.e. what bank data can be shared and who can get it).

 

However, the successful implementation of open banking is dependent on collaboration between fintechs, banks and NBFIs and the CBN.


Some of the changes that could be introduced by the implementation of the framework include the following:

 

Competition and Innovation

There could be fiercer competition with larger banks competing for the market with fintechs and smaller banks. This could also see financial institutions trying to outdo themselves by deploying better technology, better customer service, higher interest rates and lower costs.  

 

Conversely, financial institutions can use APIs to create a new experience with their customers by assisting customers in ways that were previously not possible in the market. For instance, they could help customers who are illiterates better understand financial issues around opening a bank account with voice commands in local languages or pidgin English. For the sophisticated customer, an open banking app could also assist them in determining the most affordable loan facility they can obtain from institutions, taking into consideration the state of their finances.

 

It will also generate additional revenue for financial institutions in the form of commission or access fees. Open banking conducted via APIs could also consolidate the position of forward­-looking fintechs who, via data aggregation, can create detailed customer profiles and offer relevant products to clients for greater engagement.

 

Ease of Banking

Conducting banking activities with traditional financial institutions is sometimes considered stressful. However, with open banking, customers will have consolidated information about all their financial products in a centralised location.


This would reduce time spent in carrying out transactions and minimise the paperwork for onboarding new users to the institutions' platforms.

 

Cybersecurity and Data Protection Issues

There are some challenges that exist with open banking, particularly around cybersecurity, data privacy and the resulting liabilities to financial institutions. Issues around data breaches, hacking, phishing scams and malware are issues that would have to be taken into consideration when any institution is considering open banking and the use of APIs.

 

Also, with the Nigeria Data Protection Regulation (NDPR), which bears close resemblance to the European Union GDPR, the legal basis for processing data has to be taken into consideration before the financial records of customers are shared. Direct consent must be obtained from the customer in line with the provisions of the framework as the failure to do this could lead to dire consequences for the financial institution that shares the data.

 

Conclusion

The introduction of the CBN framework is a good development which could potentially lead to the improvement in the delivery of financial services in Nigeria.

 

However, although open banking offers several advantages, there are also concerns over the security risks occasioned by the sharing of data. Data protection laws, such as the NDPR, must also be countenanced by service providers when they are processing the data of consumers.

 

It is however our view that with the engagement of cybersecurity experts, financial service providers and lawyers with experience in data protection and technology, some of the risks can be managed and open banking can thrive in Nigeria.

 

Footnotes

1. Section 3.0 of the framework

2. Section 6.0 of the framework

3. Sections 7.1 and 7.2 of the framework

4. Sections 4.0, 4.1 and 4.2 of the framework

5. Section 9 of the framework

6. Section 6.4 of the framework

 

 

Proshare Nigeria Pvt. Ltd.



Previous Posts by Aelex

1.      The Right to be Left Alone - Examining the Impact of the NDPR on Cold Marketing

2.      An Appraisal of The CBN's Frameworks for Sandbox Operations and Quick Response Code Payments

3.      Diaspora Remittances in Nigeria: Examining the New CBN Policy (2)

4.      Sharing Of Content Through Online Platforms - Considering Digital Piracy In Nigeria

5.      Diaspora Remittances in Nigeria: Examining The New CBN Policy (1) 


Proshare Nigeria Pvt. Ltd.


Related News

1.      Fintech will Enhance Financial Inclusion - SEC

2.      CBN Issues Regulatory Framework for Open Banking in Nigeria

3.      SEC, CBN and NITDA Collaboration Will Strengthen Risk Management of Digital Assets

4.      Why Africa is Considered the Best Place for Adoption of Decentralized Finance (DeFi)?

5.      African Fintech Report 2020: Africa's Mobile Subscription Penetration at 80%

6.      FintechNGR 2020 in Retrospect

7.      Four Cornerstones of Payments in the Digital Age

8.      Categorisation of Nigerian Payment Systems - What It Means For Fintechs

9.      Fintech Nigeria Social Meet 7.0 Explores Digital Acceleration For 2021

10.   FintechNGR Social Meet 7.0 Scheduled to hold on December 09, 2020

11.   FinTech Firms Reported 13% Increase YoY in Transaction Numbers in H1 2020



Proshare Nigeria Pvt. Ltd.



Proshare Nigeria Pvt. Ltd.

READ MORE:
Related News
SCROLL TO TOP