KEEPING UP WITH FOREIGN EXCHANGE REGULATIONS: NEW CBN MEASURES FOR INTERNATIONAL MONEY TRANSFER OPERATORS (IMTOs)

/in /by

By Aderonke Alex-Adedipe and Hillary Okorotie

DOWNLOAD PUBLICATION

Introduction

In an effort to improve foreign exchange liquidity in the country, the Central Bank of Nigeria (CBN), as the primary regulator of the Nigerian banking industry, has continuously introduced policies and issued circulars to financial institutions and foreign exchange operators. On January 31, 2024, the CBN published updated licensing and operational guidelines for International Money Transfer Operators (IMTOs) (them “Guidelines”), restricting some of their operations. Similarly, on June 24, 2024, the CBN issued a new circular (the “New Circular”) introducing measures aimed at facilitating remittance flows through official channels and improving the efficiency of the foreign exchange market.

This newsletter highlights some of the provisions of the New Circular and its implementation plan.

International Money Transfer Operators and the Scope of their Operations

International Money Transfer Operators (IMTOs) are companies authorized by the Central Bank of Nigeria (CBN) to facilitate the transfer of funds from individuals or entities abroad to recipients in Nigeria. They enable seamless cross-border financial transactions, providing a reliable means for people living overseas to remit foreign exchange to their families, friends, or business partners in Nigeria.

By the provisions of the Guidelines, IMTOs are only permitted to conduct inbound international money transfer transactions and other categories of transactions. They are specifically prohibited from conducting outbound transactions or buying foreign exchange from the domestic market for settlement. They must adhere strictly to these specified activities and are not allowed to engage in any other business.

Key Introductions in the New Circular

The CBN in the New Circular now provides that eligible IMTOs will be able to directly access the CBN window or operate through their Authorized Dealer Banks (ADBs) to execute and settle foreign exchange transactions. Therefore, IMTOs will be able to trade on the official market. This will enable the improvement of local currency liquidity.

The CBN in its circular outlined several requirements which IMTOs are required to comply with. They include;

a. Transactions executed and confirmed on any trading day will have the option for same-day settlement, provided they are conducted before 12 noon on the same day.

b. Transactions with the CBN shall be priced at the prevailing Nigerian Autonomous Foreign Exchange Market (NAFEM) rate.

c. All participants, including IMTOs and ADBs, are mandated to submit dailyregulatory returns to the CBN. These reports must include comprehensive details on the sources of funds, ensuring accountability and regulatory compliance.

d. IMTOs interested in taking advantage of the provisions of the New Circular are required to confirm their partner ADBs and provide them with standard settlement instructions.

These requirements are intended to provide a seamless implementation of the new measures and ensure operational processes.

Conclusion
The provisions of the New Circular represent a significant step towards ensuring foreign exchange liquidity. By providing IMTOs with direct access to the CBN window and enforcing stringent regulatory and reporting requirements, the CBN intends to improve efficiency and operations of IMTOs in the Nigerian market. These initiatives are expected to streamline remittance flows, ensuring that funds are swiftly and securely channeled through the official channels.

For further information and compliance details on the guidelines regulating IMTO’s please see our previous newsletter.

DATA PROTECTION IN NIGERIA – DRAFT GENERAL APPLICATION AND IMPLEMENTATION DIRECTIVE

/in /by

By Seun Timi-Koleolu and Ebikeniye Best

DOWNLOAD PUBLICATION

Introduction

In a bid to further tighten the nuts and bolts of data protection in Nigeria, the Nigeria Data Protection Commission (the “Commission”) published on May 31, 2024, a draft General Application and Implementation Directive (the “Directive”) which is to guide the interpretation and implementation of the provisions of the Nigeria Data Protection Act (the “Act”). For more information on the Act, please see our previous newsletter.

In this article, we have provided useful information in connection with the Directive.

1.The scope and applicability of the Directive

The Directive applies to data controllers, processors and data subjects as set out below.

a. Data controllers or processors that process or target the personal data of data subjects in Nigeria.

b. Data subjects whether Nigerians or foreigners who reside in Nigeria

c. Nigerian citizens who reside outside Nigeria.

d. Data subjects whose personal data are transferred to Nigeria

e. Data subjects whose personal data are in transit through Nigeria to other jurisdictions, provided that the data controller or processor’s obligation to transfer such data is limited to confidentiality, integrity and availability.

2.Introduction of the material context of data processing

The Directive introduces a general duty of care on persons and organisations that process personal data to examine the material context of its processing of personal data and to ensure that such processing is consistent with the constitutional right to privacy.

It also states that the duty of care is tied to items listed under the exclusive legislative list in the Nigerian Constitution. It is however unclear how the exclusive legislative list is to apply to this provision.

3.Additional obligations of Data Protection Officers (DPOs)

The Directive requires a DPO to compile a semi-annual data protection report and submit same to the management of its company. This report is to form part of the Record of Processing Activities of the company, which is to be verified by the Data Protection Compliance Organisation during the  audit.

The Commission is also required to conduct an annual assessment for DPOs to ensure that they continue to maintain the level of professionalism required to carry out their responsibilities.

4.Lawful basis for processing personal data

As stated in our previous newsletters, a data controller or processor is required to rely on any of the lawful basis for processing personal data, which are consent, contract, legitimate interest, vital interest, legal obligation and public interest.

The Directive provides further guidance on the various lawful basis, including the following:

a. Contract – where data is obtained as part of the preliminary stage (due diligence) of a contract and a substantive agreement is not entered into, the collected personal data is to be destroyed within six (6) months.

b. Consent – when relying on consent, it must be for a lawful purpose and the data controller or processor is required to make the process of withdrawing consent easy. In addition, where cookies are used on any website the consent of the data subject is to be freely given, informed and specific.

c. Legal obligation – some instances where this can be relied on include where there is a duty imposed by law; or an order of a court of competent jurisdiction.

5.Additional provisions on Data Privacy Impact Assessment (DPIA)

The Directive provides instances where a DPIA is to be conducted. One of the instances include where a new technology is introduced on a large scale which may result in unintended, adverse consequences to the lives and livelihood of data subjects, or their fundamental rights and freedom become threatened.

Conclusion

The information provided above is not exhaustive as the Directive provides more guidance on the various provisions of the Act including the right of data subjects and cross-border transfer of personal data. There are however a few provisions in this Directive which are unclear, such as the provision which connects the duty of care required for processing data to the exclusive legislative list contained in the Nigerian Constitution as mentioned in 2 above. We expect that when the final Directive is published, such provisions will be clarified.

 

 

 

KEY REGULATORY CONSIDERATIONS FOR OPERATING A MONEY LENDING BUSINESS IN NIGERIA

/in /by

By Aderonke Alex-Adedipe and Sharon Okpo

DOWNLOAD PUBLICATION

Introduction

Money Lending in Nigeria has evolved from traditional banking to a more flexible and technology-driven system which accommodates FinTechs and other digital companies, and has allowed for more convenience, speed, and efficiency. Following the evolution of money lending in Nigeria, there grew the need to regulate the activities of entities and their relations with borrowers. In this publication, we highlight some regulatory and compliance considerations which are relevant to establishing and operating money lending businesses in Nigeria.

  1. Who can Offer Money Lending Services in Nigeria?

In addition to the traditional banks such as the Deposit Money Banks (DMBs) and Microfinance Banks (MFBs), money lending services can also be offered by finance companies, corporative societies, and financial technology companies operating through a money lenders’ licence to carry out such activity.

  1. What are the Regulatory Concerns to Note in the Money Lending Business in Nigeria?

There are various regulatory and compliance issues to navigate in the operation of a money lending business. Some of these regulatory and compliance concerns are highlighted below:

    1. Licensing

Any entity wishing to carry on the business of money lending in Nigeria is required to obtain a Money Lending License. This license permits the holder to carry on money lending activities only in the state where it was issued. The Money Lender’s License is typically issued by the Ministry of Home Affairs in each state in Nigeria and is regulated by the money lending law applicable in each state. It is important to note that the license once issued expires on the 31st of December every year, regardless of the date of issuance.

Institutions such as deposit money banks, microfinance banks, merchant banks and finance companies are exempt from applying for a money lender’s license, as the relevant operating licenses issued by the Central Bank of Nigeria (CBN) and other regulating authorities also permit them to provide lending services to their customers.[1]

b. Registration with the Federal Competition and Consumer Protection Commission (FCCPC)

Further to the “Limited Interim Regulatory/Registration and Guidelines for Digital Lending 2022” (“Framework”) issued by the FCCPC, entities intending to carry on the business of digital lending in Nigeria are required to register with the FCCPC. Our previous newsletter highlights the requirements for the registration of a digital lender with the FCCPC. An approval must be obtained from the FCCPC before such entity may continue or commence the business of digital lending in Nigeria. Such registration is a one-time registration and requires compliance with the Framework to sustain the permit.

Where an entity proceeds to commence the business of digital money lending without this registration, such entity runs the risk of being banned from operating a money lender and having its lending mobile application delisted from the relevant digital distribution service hosting the mobile lending application (e.g. Google Play Store, or Apple Store).

It is important to note that entities which are exempt from applying for a money lender’s license are also exempt from applying for registration with the FCCPC. Such entities are however required to apply to obtain an exemption from the FCCPC on the basis that they are CBN regulated entities.

c. Consumer Protection

The FCCPC, in keeping with its mandate to safeguard the rights of consumers in Nigeria has set measures in place to deter digital lenders from exploiting consumers, or engaging in abusive conducts, in respect of balance calculations, loan default enforcement and recovery processes.

Digital money lenders are also required to develop and implement policies and systems aimed at protecting the rights of consumers of their services. In the engagement of money recovery agents, money lenders should ensure that the agents are not harassed and abused in an attempt to recover debts owed by consumers. Where necessary, the money lender should also enter into agreements with recovery agents which should contain provisions safeguarding the rights of the consumer/borrower.

Money lenders are also required to ensure transparency and accountability with the consumers, especially with respect to interest rates, penalties, mode of calculation, and disclosure of all charges.

Under the FFCPC Act, 2018 (FCCPA), the money lender is required to avoid unfair, unreasonable and unjust terms in its loan contract, such as waiver of any rights or assumption of obligation by the consumer and terms that limit or exempt the money lender from any loss directly or indirectly caused by its gross negligence.

The CBN Consumer Protection Framework also provides for minimum standards to be observed by financial institutions to adequately address customer complaints. Financial institutions are required to be transparent in their relations with customers, and to establish effective complaint channels.

d. Data Protection

As is the case with all entities collecting and processing personal data of Nigerian citizens, it is important that digital money lenders acknowledge and observe the requirements of relevant data protection laws in Nigeria, especially the Nigeria Data Protection Act, 2023 (NDPA). This is especially as digital money lenders utilize data provided by the borrowers for various processing activities including verification of identity, credit rating and assessment, marketing, etc.

There is an obligation on the money lender to observe all the provisions of the NDPA including informing the borrower of the data being collected and processed, the purpose for processing, details of any third-party with whom such data will be shared and obtaining the consent of the borrower before commencing any processing activity in respect of such personal data collected.

Furthermore, the CBN Consumer Protection Framework prohibits the disclosure of customer’s data by financial institutions that are regulated by the CBN.

e. Anti-Money Laundering /Combating Financing of Terrorism (AML/CFT) Requirement

Digital money lenders, especially those regulated by the CBN, are also required to observe and establish a governance framework that shows their commitment to adhere to AML/CFT regulations, and set up internal controls to mitigate against the risk of money laundering and terrorism financing.

Consequently, money lenders are required to have policies on AML/CFT; develop appropriate and effective know-your-customer (KYC) requirements; and implement internal controls to avoid the use of their facilities for money laundering and terrorism financing.

Money lenders are also required to identify and verify the identity of their customers prior to the disbursement of any facility. It is also important that the money lenders determine the categories of data/information required to conduct satisfactory customer due diligence, and the extend of such due diligence, especially putting into consideration the level of risk such customer may pose to the lender.

Conclusions The above list is not exhaustive, and it is advised that entities stay up to date on regulatory and compliance requirements for their operations as money lenders. It is also important that there are periodic upgrades and improvements to their governance framework, policies, and systems set in place in furtherance of any regulatory or compliance requirement as a money lender.   [1] For more information on this, please see our previous newsletter highlighting the operational limitations of these financial institutions.  

AVOIDING CORPORATE MISSTEPS: KEY QUESTIONS ANSWERED FROM THE REVOCATION OF THE HERITAGE BANKING LICENSE

/in /by

By Seun Timi-Koleolu and Olawale Atanda

Download Publication

Introduction

On June 3, 2024, the Central Bank of Nigeria (CBN) revoked the banking license of Heritage Bank PLC. According to the CBN, this decision was taken in accordance with its mandate to promote a sound financial system in Nigeria and in exercise of its powers under Section 12 of the Banks and Other Financial Act 2020 (BOFIA).

The CBN stated that the bank’s inability to improve its financial position posed a threat to the stability of the financial ecosystem and the CBN was compelled to take the decision in order to strengthen public confidence in the banking system and ensure the soundness of the financial sector. Further to this, the Nigeria Deposit Insurance Corporation (NDIC) was appointed as the liquidator of the bank in accordance with Section 12 (2) of BOFIA.

In this article, we answer pertinent questions about the factors leading to the revocation of the license of Heritage Bank and discuss the essential lessons businesses, especially fintechs, can learn from this crisis to avoid similar pitfalls.

  1. What led to the revocation of Heritage Bank’s license?

In its public notice announcing the revocation, the CBN stated that Heritage Bank had breached Section 12(1) of the BOFIA, which outlines various infractions that can lead to the revocation of a bank’s license. Although the CBN did not specify the exact infraction, the NDIC highlighted that the bank’s loans exceeded its customer deposits. Additionally, public reports based on the audited annual report of the bank indicated that over 80% of the bank’s loans were non-performing. These issues and more likely  contributed to the CBN’s decision to revoke the bank’s license.

  1. What will happen to the deposits of Heritage Bank’s customers?

The NDIC is the official body that insures the deposits of customers in financial institutions in Nigeria. It also functions as the statutory liquidator for financial institutions whose licenses have been revoked by the CBN as provided in Section 55 (1) and (2) of the NDIC Act. Further to this, the NDIC has moved to ensure that the Heritage Bank’s customers recover their deposits. According to the NDIC, depositors with a bank balance of less than NGN5 million, the maximum insured limit by the NDIC, will be fully reimbursed.

For balances exceeding the insured limit, the excess amount will be treated as an unsecured credit. Depositors will receive liquidation dividends from the proceeds of the liquidated assets of the bank once the bank’s assets have been realized and loans recovered.

  1. What strategies can help keep bad loans at the minimum?

Some of the strategies that companies in the financial services space can implement to keep bad loans at the barest minimum are:

i. Use of Credit Scoring Methods: Companies should utilize credit bureaus to provide an accurate assessment of borrowers’ creditworthiness which would in turn help in determining the credit viability of a borrower.

ii. Partnerships and Collaborations: Businesses can enter into partnerships and collaborations with other financial institutions or fintechs to share risk. This can include co-lending arrangements or selling portions of the loan portfolio to other lenders.

iii. Efficient, Effective, and Ethical Loan Recovery Methods: Companies should implement efficient and effective loan recovery methods, including dedicated teams for collections and the use of technology for automated reminders and follow-ups. Companies can also explore legal avenues for recovery but must always ensure ethical loan recovery standards are upheld.

iv. Customer Education: It is advisable that companies invest in financial literacy programs to educate customers on responsible borrowing and effective financial management because improved borrower education can reduce the likelihood of defaults.

v. Good corporate governance: Effective corporate governance ensures accountability, fairness, and transparency in a company’s relationships with its stakeholders. It helps prevent mismanagement and unethical practices while also signaling to potential investors that the company has robust governance structures and sound risk management systems. This assurance enhances investor confidence and indicates that their investments will be protected and yield returns.

For more on how startups can implement strong and effective corporate  governance structures, please see our article on corporate governance best practices here https://pavestoneslegal.com/corporate-governance-and-startups-lessons-from-the-collapse-of-the-silicon-valley-bank/

  1.  How can companies ensure they remain compliant with regulations?

It is important that companies prioritize compliance with regulations to avoid regulatory sanctions. Compliance steps that companies can take include:

i. Conducting regular risk assessments to identify potential areas of non-compliance and vulnerabilities within the company.

ii. Staying updated with the latest regulatory requirements and ensuring that all business practices align with these regulations.

iii. Appointing a Chief Compliance Officer (CCO) or Chief Risk Officer (CRO) to oversee compliance and risk management as they will have the authority and resources to enforce compliance across the organization.

iv. Implementing comprehensive compliance training programs for all employees to ensure that staff are aware of regulatory changes and understand their roles in maintaining compliance.

v. Working with legal advisers who specialize in regulatory compliance to help in interpreting complex regulations and ensuring that the company’s practices are in line with legal requirements.

Conclusion

In conclusion, the revocation of Heritage Bank’s license serves as a stark reminder of the importance of strong corporate governance, effective risk management, and strict regulatory compliance in the operations of a business. Companies must ensure that they put these standards in place to avoid regulatory sanctions and business hazards.