Open banking (i.e. the authorised provision of consumer banking data to third parties through application programming interfaces) looks set to drive innovation and competition in the banking sector to the benefit of customers. However, the financial services industry should be aware of the potential risks associated with opening banking, including market concentration, data compliance concerns, hacking and data breaches, risks to financial privacy and the resulting liability of banks.
General overview
Open banking is in its infancy in Nigeria. Typically, parties to an open banking arrangement in Nigeria are the consumer (payer or payee), the consumer’s bank and third-party financial providers (TPPs). TPPs licensed by the Central Bank of Nigeria (CBN) include:
- payment services solution providers;
- mobile money operators;
- other financial institutions, for example:
- micro finance banks;
- primary mortgage institutions;
- finance houses;
- development finance banks;
- super agents;
- payment terminal services providers;
- web portals; and payment service banks.
Open banking in Nigeria may also involve new players such as electricity distribution companies, accounting firms and a myriad of other utility service providers, which aim to enhance their service delivery to the public through data analytics available by virtue of open banking.
While open banking has the potential to revolutionise the Nigerian banking industry, some of the essential infrastructure needed for it to thrive is still lacking. For instance, the industry is yet to agree common application programming interface (API) standards. Thus, licensed third-party providers may have to separately connect to individual banks given the disparate interface specifications in the industry. Such a process imposes significant costs, time and effort compared with a truly open API framework.
With respect to regulation, there is currently no comprehensive regulatory framework for open banking operations in Nigeria. However, some CBN, Nigerian Communication Commission and National Information Technology Development Agency regulations apply.
This article was originally published by the International Law Office.
