The Central Bank of Nigeria released its Regulatory Framework for Open Banking in Nigeria in 2021. Open banking enables customers to authorise the sharing of their financial data with third-party providers (TPPs), facilitating the development of new financial products and services built on top of bank data.
What Is Open Banking?
Open banking is the practice of making customer financial data available via application programming interfaces (APIs) to authorised third parties, with the customer consent. The data that can be shared includes account information (balance, transaction history) and payment initiation capabilities.
The CBN Open Banking Framework
The CBN framework establishes a tiered structure for open banking participants. Tier 1 (Read Access): participation is mandatory for all banks. Banks must make customer account information available via APIs to authorised TPPs with customer consent. Tier 2 (Write Access): participation is optional but regulated. This tier allows TPPs to initiate payments from customer accounts.
Authorisation of Third-Party Providers
Third-party providers that wish to access bank data under the open banking framework must be authorised by the CBN. The authorisation process requires TPPs to demonstrate their technical competence, financial soundness, and compliance with cybersecurity and data protection standards.
Customer Consent
Customer consent is the foundation of open banking. No data may be shared with a TPP without the explicit consent of the customer. Consent must be informed, specific, freely given, and revocable. The consent framework must comply with the NDPA as well as the CBN open banking framework.
Data Security and Liability
Both banks and TPPs bear responsibility for the security of customer financial data. A data breach involving shared financial data may trigger obligations under both the NDPA and the Cybercrimes Act simultaneously. Businesses need to have a coordinated response plan that addresses both sets of obligations.
Conclusion
Open banking presents significant commercial opportunities for banks and TPPs alike. However, the legal and regulatory obligations that accompany these opportunities are substantial. Businesses entering the open banking space should invest in legal counsel at the design stage, not after the product is built.
This article is for general information only. For regulatory advice on open banking, contact Marturion Legal.