INTRODUCTION
The financial Technology (Fintech) space in Nigeria is comprised of businesses offering servicesbordering on mobile payments, digital banking, personal finance, just to name a few. According to a McKinneyReport released in September 2020, Nigeria is home to over two hundred(200)FintechCompanies. The recent success of fundraising rounds of some fintech companies show the level of success the companies are recording as regards raising finance. In this article, we will examine the regulatory landscape of fintechcompanies as well as the accompanying responsibilities.
The main regulators in the Nigerian Fintech space are:
- The Central Bank of Nigeria (CBN),
- The Nigerian Deposit Insurance Corporation (NDIC),
- The Securities and Exchange Commission (SEC),
- The Corporate Affairs Commission (CAC),
- The National Information Technology Development Agency (NITDA),and
- The Federal Competition and Consumer Protection Commission (FCCPC).
- The Central Bank of Nigeria (CBN):
The Central Bank of Nigeria is primarily responsible for regulating financial services in Nigeria. They are saddled with the duties of issuing licenses, permits, codes of conduct and regulations involving financial institutions in Nigeria, including Fintech companies. The CBN carries out these duties through The Banks and Other Financial Institutions Act (BOFIA). A breach of the rules and regulations issued by the CBN to govern the conduct of fintech companies could lead to imposition of fines or suspension of operating licenses ofsuch erring companies, as seen with the recent ban of some fintech companies for contravening CBN's directives. An example of a CBN regulation governing fintech companies is the Risk-Based Cyber Security Framework and Guidelines for deposit money banks and payment services providers of 2018. The regulation imposes the duty of fintech companies to ensure that their platforms are not prone to cyber attacks. Compliance with this regulation is equally important, not just because it emanates from the apex body governing financial institutions in Nigeria, but also because the success of the fintech companies greatly relies on cyber security and data protection.
- The Nigeria Deposit Insurance Commission (NDIC):
The NDIC is responsible for insuring all deposit liabilities of all corporate entities offering financial serviceswhich includes licensed banks and bodies who receive depositors’ money in the country. Payment Service Banks (PSBs) are corporate entities licensed to facilitate money transfers to and from unbanked customers in different locations in Nigeria. Fintech companies which engage in offering services which falls within the purview of PSBs are mandated to register with the NDIC according to Section 15 of the NDIC Act of 2006.
- The Securities and Exchange Commission (SEC):
The SEC regulates activities of companies that offer services in the Capital Market as empowered by the Investments and Securities Act (ISA) of 2007. Fintech companies which offer services in the capital market space and other areas regulated by SEC are mandated to register with the SEC or risk being imposed with a fine or even suspended. The recent guidelines released by the SEC on Crowdfunding and Digital Assets (Cryptocurrency) shows that the commission is consistently keeping up with modern realties and ensuring that the fintech space is properly regulated as empowered by law.
- The Corporate Affairs Commission (CAC):
The CAC is saddled with the responsibility of keeping the register of all companies, businesses and non-governmental institutions in Nigeria. This is a requirement for any corporate entity to function properly in Nigeria. Fintech companies are not left out, as they are registered with the CAC as is mandated by law. The CAC operates in accordance with the provisions of the Companies and Allied Matters Act (CAMA) of 2020.
- The National Information Technology and Development Agency (NITDA):
The NITDA is charged with the responsibilityof Data protection and Management in Nigeria. NITDA issued the Nigeria Data Protection Regulations (NDPR)2019 and its implementation framework. Subsequently, the Nigeria Data Protection Bureau (NDPB) was establishedto enforce the implementation of the provisions of the NDPR. Data protection is gaining attention globally and this is occasioned with the global use of technology. Advancement in technology has increased accessibility to people’s databases which has exposed people’s personal data to all forms of cyber crimes, hence the need for stringent regulations to aid cyberprotection. Fintech companies have access to customers’data; thus, it is necessary for fintech companies to ensure that they are data protection compliant. The recent fine imposed on some loan facility companies by NITDA for breaching data policies, is an example of NITDA exercising its regulatory oversights on these companies. Some data protection obligations of Fintech companies include:
- Providing a legal basis for processing personal information;
- Documentation of all data processing activities;
- Notify users on their platform of the privacy policy that governs the use of theirplatforms;
- Implementation of data protection compliance system(s);
- Implementation of security measures to protect all data collected;
- Designation of data protection officer(s) for protection purposes; and
- Regular conduct of data audit procedures in compliance with NITDA directives.
- Federal Competition and Consumer Protection Commission (FCCPC):
The FCCPC ischarged with the protection of consumers’ rightsin Nigeria. They fight against exploitations and unfair practices aimed at consumers. They also prohibit unhealthy Anti-Competitive practices by corporate entities including companies operating within the fintech space. They are empowered through the Federal Competition and Consumer Protection Act.
Furthermore, fintech companies are saddled with the responsibility of ensuring that their companies are Anti-Money Laundering (AML) compliant by obeying the provisions of the Anti- Money Laundering (Prevention and Prohibition)(AML)Act 2022, which was recently signed into law. The bodies saddled with the responsibility of enforcing The AML areThe Economic and Financial Crimes Commission (EFCC), the CBN and The Special Control Unit. Anti-Money Laundering requirements of financial institutions which also include Fintech companies, are:
- Designation of an AML compliance officer;
- Identification of AML regulations and offences;
- Report ofsuspicious money launderingtransactions ;
- Reporting requirements;
- Customer Due Diligence (KYC);
- Risk-Based approach to AML; and
- Active record-keeping and retention policies.
To operate in Nigerian fintech space, fintech companies must conform with the prevailing regulatory requirements and take note of new regulations as they affect their operations.
CONCLUSION
In conclusion, fintech companies are required to be regulatory compliant. However, it has been argued by some experts that fintech companies are heavily regulated and that over-regulation stifles their growth.
While we agree that all regulators within the fintech space need to work in unison to avoid role duplication, it is our opinion that company growth is not solely dependent on compliance related factors but a combination of other important factors, including accountability, transparency, effective marketing strategies. As lawyers, we strongly advocate that Nigerian fintech businesses should ensure that they embrace corporate governance and best practice standards always.
Leave Comment