BY CHUMA AKANA
Open banking is simply defined as a system where data is shared between banks, investment firms, fintechs or other third-party applications, through the use of an application program interface (API). It is widely accepted that traditional banking models can be leveraged to provide more customer-friendly services and options, and one such innovative way is to use open banking properly. In February 2021, the Central Bank of Nigeria released a regulatory framework for the operation of open banking in Nigeria, and the framework establishes principles for data sharing in the banking and payments ecosystem, which will foster innovation, expand the range of financial products and services, and most importantly, deepen financial inclusion.
Under an open banking regime, participants will be able to upload and share information about account balances, payments, transactions and investments. Open banking also extends to cases where a third-party application may be authorized to initiate transactions from a customer’s account, such as sending payments or withdrawing money. Proponents also argued that financial services could be more personalized to an individual’s behaviors and lifestyle, thus making banking services more efficient and useful for the consumer. Indeed, a range of financial technology “tools” will make dealing with money more convenient, simpler and faster.
With such enormous potential, there is a need for adequate guidelines to regulate and monitor the open banking space in Nigeria. This is all the more important as customer data will be shared by all players in the ecosystem; therefore, guidelines that promote fairness and data security are important. In its regulatory framework, CBN has classified the open exchange of data and services through the API as product and service information touchpoints, market information transactions, personal information and financial transactions, and profile analysis/scoring transactions, and prescribed a risk rating for each of these categories. The regulatory framework also provided participants’ level of risk management maturity for the previous categories and data and API access requirements, as well as roles and responsibilities of participants, including provider, consumer, fintechs and the developer community.
One of the key elements of the open banking regulatory framework is the operation and maintenance of the open banking register. To further strengthen open banking, the CBN issued its Operational Guidelines on Open Banking in May 2022, where the Open Banking Register is defined as a public repository for details of registered participants. The OBR should be maintained with the aim of providing regulatory oversight of participants, improving the transparency of open banking operations, and ensuring that only registered institutions operate within the banking system ecosystem.
By comparison, India’s open banking policy is largely facilitated by account aggregators, which were developed by the Reserve Bank of India through a branch. Account aggregators are impartial third-party operators and are only channels through which data will flow based on consent, as they are not authorized to access, store or use the data they process. They operate a strict consensus model, where there is an authorization agreement between the client, the bank and themselves.
Once a customer has consented that their specific data can be shared with a particular fintech that requests it for the mentioned purposes for a certain period of time, account aggregators obtain it from the bank holding the data and transmit it to the Fintech Company (FC). On this basis, the FC can offer new financial services to the consumer. Customers also have the option to revoke their consent with respect to time period, fintech and particular data shared.
The model is very similar to what exists in the UK, where the open banking regime is regulated by the government through the Open Banking Standard, which is part of the Open Banking Implementation Entity, in which a data sharing framework or API is prescribed and enforced by independent parties, to address competition concerns. On the other hand, the open banking framework in the United States is largely industry-oriented, although the country is considering a possible regulatory mechanism.
For fintech companies, open banking could help lenders get a more accurate picture of a consumer’s financial situation and risk level in order to offer more cost-effective loan terms. It could also help consumers get a more accurate picture of their own finances before they go into debt. For example, a mortgage app for customers looking to buy a property could automatically calculate what customers can afford based on all the information in their accounts. Open banking can also help small businesses save time with online accounting and help fraud detection firms better monitor customer accounts and identify problems earlier.
This will open up a huge market for tech companies involved in embedded finance, as these startups may need to re-engineer their business and work closely with banks to scale the business. This will help these startups improve customer journeys, access customer data, increase customer lifetime value, and create new revenue streams.
However, convenience and simplicity can come at the cost of losing control of a customer’s money, reduced privacy/security, and a more complex marketplace. One of the main challenges of open banking is data policy, which is to ensure that access to personal data is handled according to the preferences of the data subjects. In Nigeria, the Nigerian Data Protection Regulations (NDPR) establish the obligations of the controller and processor to ensure that the rights of the data subject are respected when data is transferred for analytical purposes and value extraction. The CBN Operational Directive provides that consumers of APIs must comply with the Nigerian Data Protection Regulations or any data protection regulations issued by the CBN for financial institutions to protect customer data.
Under the Directive, consent is required from customers whose data may be required by a service provider to benefit from financial products and services. For consent obtained from a customer to be valid, the guidelines provide that the API consumer must fully and completely disclose their identity to the customer, among other requirements.
Further, API providers will only share a customer’s information with an API consumer upon presentation of valid proof of consent by the customer, and will need to authenticate that consent to ensure that it is from their customer. Authentication of end users and validation of information to be shared with the API consumer must be performed directly by the API provider using prescribed authentication mechanisms. In addition, API consumers must comply with existing Anti-Money Laundering (AML) and Anti-Terrorist Financing (CFT) regulations in banks and other financial institutions in Nigeria.
In conclusion, the operational guideline aims to ensure that open banking players use security systems to protect consumer data, and that consumers have full control over the information they wish to make available to third-party companies. It is now up to fintech companies to leverage this initiative to deepen financial inclusion and provide better banking services to customers. Globally, the adoption of open banking has led to the deepening of banking API platforms by financial institutions, with some banks going fully digital; to the transformation of several payment/lending fintechs into neobanks; to the verticalization of finance, as traditional financial activities will be vertically customized to the needs of each industry; to the launch and entry of international neobanks focused on SMEs/unbanked; and to the widening of the fintech financing round.
Chuma Akana, managing partner of Chester Law LP, has his area of practice in Fintech and intellectual property law. He can be reached via [email protected], and is on LinkedIn at www.linkedin.com/in/chuma-akana