Founders and investors looking to create solutions or invest within the financial technology (FinTech) sector in Nigeria would need to embrace its regulatory landscape. This is the first of a series highlighting key regulators of the FinTech sector in Nigeria.
Central Bank of Nigeria
The Central Bank of Nigeria (the “CBN“) is the lead regulator of banks and other financial institutions in Nigeria. Beyond traditional banks, this means that the CBN also regulates entities such as payment service providers, discount houses, bureau de change companies, and mortgage refinance companies.
As a key regulator, the CBN also issues guidelines and circulars covering specific functions of its regulated entities including guidelines relating to consumer protection, information technology minimum requirements, and anti-money laundering provisions.
Securities and Exchange Commission
The Securities and Exchange Commission (the “SEC“) regulates activities in the Nigerian capital markets. As a result, where the actions or products of a FinTech entity would cover activities such as asset management/trade, the SEC will act as the primary regulator.
It is also common practice for the business activities of a company within the FinTech space to cover core financial products and capital market activities. In this case, the FinTech entity would be regulated by the CBN and the SEC and will need to obtain relevant licences/approvals from both regulators to carry on business in Nigeria.
While the Central Bank of Nigeria and the Securities and Exchange Commission are the major regulators which govern Fintech companies, there are other key regulators that either complement the roles played by the primary regulators or act as the major regulator due to the nature of services/products offered. This post focuses on some of the regulators that play adjunct roles.
Other regulators with oversight over certain financial technology (fintech) companies in Nigeria are:
Nigeria Deposit Insurance Corporation
All deposit-taking financial institutions licensed by the Central Bank of Nigeria (for example microfinance banks with digital product offerings and commercial banks) are required to insure a percentage of their deposit liabilities with the Nigerian Deposit Insurance Corporation (the “NDIC”). This deposit insurance system is to protect customers against the loss of their insured deposits. Practically, in the event the deposit- taking financial institution fails (as designated by its lead regulator), customers are entitled to recover specific sums.
The NDIC recently established a Fintech and Innovations Unit to collaborate with innovators in the financial services sector to develop and promote technology-driven solutions, geared toward protecting depositors.
National Office for Technology Acquisition and Promotion.
The principal function of the National Office for Technology Acquisition and Promotion (“NOTAP“) is to monitor the transfer of foreign technology to Nigeria. Foreign technology includes the use of trademarks, the right to use patented inventions, the supply of technical expertise/ assistance and the provision/training of operating staff.
Nigerian companies (including Fintechs) entering into technology transfer agreements (TTAs) with foreign parties will need to register these contracts with NOTAP to ensure that foreign currency payments/royalties due to the foreign entity under the TTAs can be sourced from the CBN official foreign currency market.
National Insurance Commission
The National Insurance Commission (“NAICOM” or the “Commission”), which regulates the insurance sector, was established pursuant to the NAICOM Act 1997. In relation to fintech entities, the Commission supervises the activities of companies which deliver insurance services via technology, generally known as ‘InsurTech’ entities.
As such, innovators, tech companies, and startups that provide technology-enabled solutions in this financial services segment are required to obtain requisite operating licenses from NAICOM.
Federal Competition and Consumer Protection Commission
The Federal Competition and Consumer Protection Commission (“FCCPC”) was established by the Federal Competition and Consumer Protection Act 2018. The Commission discharges competition, merger control, and consumer protection regulatory functions, among other things.
As such, any fintech entity engaged in any merger and/or acquisition transaction that falls within the regulatory remit of the FCCPC will be required to exercise requisite recourse to the FCCPC. In addition, fintech entities are subject to relevant consumer protection regulations issued by the FCCPC from time to time.
📍 Key Regulators in the Nigerian FinTech Space
In closing out our series on key regulators in the fintech space, we set out primers on the following:
— Aluko & Oyebode (@Aluko_Oyebode) November 4, 2022
The Nigerian Communications Commission
The Nigerian Communications Commission (“NCC”) is an agency established pursuant to the Nigerian Communications Act 2003 and is responsible for regulating all activities in the telecommunications industry in Nigeria.
The NCC enforces standards for companies that deploy communication devices to facilitate their product offerings. For instance, fintech companies, such as Payment Terminal Service Providers (PTSPs) that deploy communication equipment will have to obtain ‘Type Approval’ from the NCC. The NCC also issues ‘Individual Licenses’ to Mobile Money Operators who provide Value Added Services (VAS) using short codes such as Unstructured Supplementary Service Data (USSD). Therefore, fintech companies which operate in this space are subject to the regulatory oversight of the NCC.
Nigerian Data Protection Bureau and National Information Technology Development Agency
The principal data protection regulations in Nigeria are the Nigerian Data Protection Regulation (“NDPR”) and the Nigerian Data Protection Regulation Implementation Framework 2020 (the “Framework”) which are subsidiary regulations issued by the National Information Technology Development Agency (NITDA) pursuant to the National Information Technology Development Agency Act 2007. In addition to NITDA, the Nigerian Data Protection Bureau (NDPB) was established by the presidency on 4 February 2022 to enforce data protection regulations, among other things. The powers which were previously exercised by NITDA under the NDPR and the Framework in relation to the implementation of data protection laws are now exclusive to the NDPB.
Operationally, the NDPB regulates the processing of personal data as contained in the NDPR and the Framework, while NITDA regulates cloud computing services/data centres used for storage and processing of data in Nigeria. Therefore, fintech companies which operate in these spaces are subject to the regulatory oversight of the relevant data protection agency(ies).