The Central Bank of Nigeria (CBN), has instructed deposit money banks (DMBs) and financial technology companies (Fintechs) to obtain the consent of their customers before sharing their data with a third party.
The directive is contained in the apex bank’s “Operational Guidelines For Open Banking In Nigeria” released for May 2022.
Open banking requires that banks share their customers’ data with other competing financial institutions for the purpose of marketing and deployment of digital banking products and services.
In the guidelines, the CBN instructed “bank customers’ consent be obtained in the same form the agreement was presented and a copy of the consent of the customer shall be made available to the customer and preserved by the participants.”
The apex bank indicated that participants in open banking shall adhere strictly to security standards when accessing and storing data, and shall be subject to minimum privacy, operational, risk management and customer experience standards.
The CBN added that henceforth, the consent of the customer shall be re-validated annually, stating that where the Application Programming Interface Consumer (AC) had not used the service for 180 days, the participant shall ensure that the connection is configured to terminate upon expiration of the consent.
According to the guidelines, appropriate customer authentication methods such as multi-factor authentication shall be established to reduce the chance of identity theft or fraud.
It also directed that customers shall always have control over their data and be able to access, manage or withdraw their consent at any point in time. It also states that participants shall develop and agree on a consent management mechanism which includes a clear set of policies and procedures.
The CBN recognised the existence of an ecosystem for Application Programming Interface (API) in the banking and payments system.
It said it was also aware of various efforts in the industry to develop acceptable standards among stakeholders.
The apex bank in collaboration with industry stakeholders developed the guidelines in line with the provisions of the regulatory framework.
“The Regulatory Framework for Open Banking in Nigeria established principles for data sharing across the banking and payments system to promote innovations and broaden the range of financial products and services available to bank customers,” the CBN said.
”As a result, open banking recognises the ownership and control of data by customers of financial and non-financial services, and their right to grant authorisation to service providers for the purpose of accessing innovative financial products and services. This is anticipated to drive competition and improve accessibility to banking and payments services,” it added.