CBN directs banks, fintech companies to seek customer consent before sharing personal data

The Central Bank of Nigeria (CBN) has directed commercial banks, and Fintech companies not to share customers’ data without their consent.

The apex bank stated this in its “Operational Guidelines For Open Banking In Nigeria” released for May 2022.

Open banking requires that banks share their customers’ data with other competing financial institutions for the purpose of marketing and deployment of digital banking products and services.

In the guidelines, the CBN instructed “bank customers’ consent be obtained in the same form the agreement was presented and a copy of the consent of the customer shall be made available to the customer and preserved by the participants.”

The apex bank indicated that participants in open banking shall adhere strictly to security standards when accessing and storing data, and shall be subject to minimum privacy, operational, risk management and customer experience standards.

Read also: African central banks’ handling of fintech companies worries investors

The CBN added that henceforth, the consent of the customer shall be re-validated annually, stating that where the Application Programming Interface Consumer (AC) had not used the service for 180 days, the participant shall ensure that the connection is configured to terminate upon expiration of the consent.

According to the guidelines, appropriate customer authentication methods such as multi-factor authentication shall be established to reduce the chance of identity theft or fraud.

It also directed that customers shall always have control over their data and be able to access, manage or withdraw their consent at any point in time. It also states that participants shall develop and agree on a consent management mechanism which includes a clear set of policies and procedures.

The CBN recognised the existence of an ecosystem for Application Programming Interface (API) in the banking and payments system.

It said it was also aware of various efforts in the industry to develop acceptable standards among stakeholders.

The apex bank in collaboration with industry stakeholders developed the guidelines in line with the provisions of the regulatory framework.

“The Regulatory Framework for Open Banking in Nigeria established principles for data sharing across the banking and payments system to promote innovations and broaden the range of financial products and services available to bank customers,” the CBN said.

”As a result, open banking recognises the ownership and control of data by customers of financial and non-financial services, and their right to grant authorisation to service providers for the purpose of accessing innovative financial products and services. This is anticipated to drive competition and improve accessibility to banking and payments services,” it added.

Join the conversation

Opinions

Support Ripples Nigeria, hold up solutions journalism

Balanced, fearless journalism driven by data comes at huge financial costs.

As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.

If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.

Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.

Donate Now