Central Bank of Nigeria (CBN) has ordered the regulated entities to engage and give customers notices of outstanding obligations prior to the commencement of debt collection.
They are also to initiate foreclosures only when other recovery options have been unsuccessful – and give customers the option of a private sale, to be exercised within 30 days before commencing foreclosure, except where the customer waived the right.
The apex bank said financial services providers must ensure that the net proceeds from foreclosures were immediately applied to the loan account and customers informed of the balance.
Banks are to provide customers with a report of the sale of the collateral, CBN said. At a minimum, the report shall state the process, proceeds, incidental expenses, and net proceeds.
The banks shall also be liable for the actions of their agents engaged for debt collection, according to the central bank.
They are also not to contact friends, employers, relatives, or neighbours of a customer for any information other than information on employment status, telephone numbers or address, except where the person has guaranteed the loan or has consented to be contacted.
The revised document further mandates banks to protect customers’ assets against fraud or misuse at all times and be liable for losses arising from breach of required controls.
They are to test product suitability with consumers and make necessary modifications to reduce the incidence of fraud or transaction errors.
Essentially, they are required to implement measures across transaction channels and enable a multi-variant customer identification and multi-factor authentication mechanisms for transactions consummated. Also, automated transaction monitoring, alert functions, and behavioural monitoring to detect and prevent fraud are to be installed, with customers sensitised on fraud threats or scams.
The FSPs are required to state and periodically communicate procedures for reporting suspicious, unauthorised, fraud, lost or stolen payment instruments and/or authentication information to consumers.
They must also provide secure and simple user interfaces for digital financial services that will minimise the risk of mistake or double transactions.
On consumer data protection, the central bank mandated banks to protect the privacy and confidentiality of consumer information and assets against unauthorised access and be accountable for acts or omissions in respect thereof.
They must also embed personal data protection in the design of products or systems and obtain written consent of consumers to collect and process their personal data for specific purposes and provide them with the option to withdraw the consent at any time.
FSPs are not to share personal data of consumers to a third party without their express consent, and they must provide details of information to be shared – and are requested to design clear and simple “Opt-in” and “Opt-Out” options for data sharing with third parties.
The CBN noted that the financial services industry had undergone significant transformation with evolving market trends, proliferation and widespread adoption of technology in the delivery of a broad range of financial products and services through digital channels.
It said while these changes had provided enhanced consumer choices, convenience, and accessibility, they had also exposed consumers to new challenges and risks.
According to the apex bank, “Safeguarding the interests and ensuring greater protection of consumers in the evolving financial services landscape necessitated the review of the 2019 Consumer Protection Regulations.”
The apex bank noted that the objective was to promote a safe, trustworthy and consumer-friendly financial services environment by promoting transparency and disclosure through the provision of accurate and clear information to consumers in a timely manner.
It also serves to protect consumers from unethical and predatory practices that undermine confidence in the use of financial products and services, CBN said.