Friday, September 07, 2018 / 05:39 PM / CBN
The Central Bank of Nigeria (CBN), in furtherance of its mandate for the development of the electronic payments system in Nigeria hereby releases the Exposure Draft of the Regulatory Requirements for Non-Bank Merchant Acquiring in Nigeria for the Nigerian Financial System for your review and comments.
Kindly forward your inputs on or before September 21, 2018 to Director, Payment System Management Department and .
Thank you for your usual cooperation.
In exercise of the powers conferred on the Central Bank of Nigeria (CBN), by Sections 2 (d) and 47 (2), of the CBN Act, 2007, to promote and facilitate the development of efficient and effective systems for the operations Non-Bank Acquiring service in Nigeria; the Central Bank of Nigeria hereby issues the Regulatory Framework for Non-Bank Acquiring in Nigeria.
1.0 Regulatory Requirements for Non-Bank Acquiring In Nigeria
The objectives of this document are to:
Establish Non-Bank Acquiring as a regulated service.
Provide minimum standards and requirements for the operations of Non-Bank Acquiring in Nigeria.
This Regulatory Framework shall guide activities of the participants in the provision of the operations of Non-Bank Acquiring in Nigeria. Participants are grouped into three (3) categories:
1. Acquiring Banks
2. Card Schemes
2.0 Roles and Responsibilities of Non-Bank Acquirers
The Non-Bank acquirer shall implement policies that include the minimum standards established by Card Scheme to mitigate risk to the Card Scheme payment system. The policies must be approved by the acquirer’s Board of Directors or an appropriate senior executive Committee. Policies must be made available to Card Scheme upon request.
2.2 Merchant Agreements
The Non-Bank acquirer shall utilize merchant agreements that meet Card Scheme minimum requirements for disclosure and clearly define both acquirer and merchant obligations. It should also ensure merchant agreements in use by the acquirer and third party agents, including subsequent updates are reviewed and approved prior to their use. In addition, it should have a merchant agreement in place with each merchant before transaction services are provided.
2.3 Merchant Underwriting
The Non-Bank acquirer shall:
Control merchant approvals per pre-determined policies and procedures.
Provide Card Scheme acceptance priviledges in accordance with the Card Scheme Rules.
The Non-Bank acquirer shall maintain adequate risk controls to monitor merchant activity to ensure compliance with the Card Scheme Rules and prevent undue harm to the acquirer, customers and the Card Scheme.
2.5 Third-Party Agent Risk
The Non-Bank acquirer shall conduct due diligence on all third party agents prior to registration, in accordance with the Card Scheme Third Party Agent Due Diligence Risk Standards. It shall also perform ongoing monitoring and oversight of third party agents to control the agent relationship and its activities. Furthermore, shall ensure that third party agents are aware of the acquirer’s policies and requirements to remain in compliance with Card Scheme Rules.
2.6 Settlement Arrangements
An acquirer’s agreement with the merchant must state that the acquirer' is responsible for providing settlement funds directly to the merchant.
The security and handling of merchants’ funds is a fundamental acquirer’s responsibility.
Acquirers have direct responsibility for settlement to merchants.
Agents are not permitted to directly access or hold merchants’ funds, whether from settlement or reversals.
Reserves collected to guarantee a merchant’s Card Scheme payment system obligations must be held and controlled by the acquirer. Acquirers must hold and control reserves that are accumulated and derived from merchant settlement funds or used to guarantee a merchant's payment system obligations to the acquirer. vi. The Non-Bank acquirer shall process the payment of funds to its merchants in a proper and timely manner. Regardless of any contractual limits of liability between a member and its agents.
Card Scheme holds the Non-Bank Acquirer responsible for controlling all aspects of merchant funding process.
Acquirers must provide settlement funds directly to the merchant, or payment facilitator on behalf of sponsored merchants, promptly after transaction receipt deposit. ix. Merchant funds payments must be the same as the transaction totals, less any chargebacks, credit transaction receipts, or other agreed fees and discounts.
x. The acquirer must not waive, release, abrogate, or otherwise assign to a nonmember/agent its obligation to guarantee and ensure payment for all transactions in which the merchant honoured a valid Card Scheme Card properly presented for payment. xi. An acquirer must have controls in place related to establishing and changing merchant bank accounts where settlement funds are deposited, including controls to:
Prevent a new bank account number from being established by an unauthorized party to divert merchant funds.
Confirm or review all bank account changes, including changes completed by authorized third parties.
The application for license by the entity engaging in Non-Bank acquiring must be sponsored by a minimum of three (3) Acquiring banks, where settlements shall be domiciled.
2.8 Card Scheme License/Approval
The entity must obtain the licence/approval of every Card scheme it wishes to acquire its transactions
Non-Bank acquirers shall develop and provide an appropriate governance structure, to manage the risk inherent in the acquiring service. There must be documented and approved policies in place; which support the risk management function and also highlight the acquiring program strategy, including targeted merchant segments, various entities/agents involved, their responsibilities, likely risks and mitigation procedures.
Non-Bank acquirers must have the ability to perform due diligence before on-boarding new merchants. Merchant history as well as checks, against various databases, credit reports, personal and business financial statements, and income tax returns of the business and their owners to determine if there were previous fraud, litigation, AML, high chargeback, etc. iii. Non-Bank acquirers must have a process to ensure adequate merchant agreements are effected.
iv. Non-Bank acquirers must demonstrate their compliance to all applicable security standards and they should ensure all merchants, agents and other third parties that store, transmit and use sensitive card data are PCI DSS certified.
The CBN requires the following of companies intending to provide Non-Bank Acquiring in Nigeria. It will review the adequacy of the company’s submissions and provide feedback:
I. The company must be a CBN approved Processor and/or Switch II. Provide the following documentation:
Card Scheme license/approval
Due Diligence and Merchant Onboarding Process
Merchant Risk Monitoring Framework
Sponsorship letter from three (3) Acquiring banks
Draft merchant agreements
Details of its settlement arrangements
SLA with Acquirer Bank
The CBN shall terminate a Non-Bank Acquirer’s Licence based on the following:
Fails to meet the conditions for renewal of operating license as a Switch or TPP in Nigeria
Dissolution of Card Association Agreement
Inability to maintain relationship with at least two (2) Card Associations
Operational failures that lead to significant losses/fraud
Any other reason(s) that may be determined by the CBN from time to time
Related News7. CBN Issues Regulations for Transaction with Authorized Dealers in Renminbi