“The Covid-19 pandemic has led to unprecedented public concerns about viral transmission via cash. Central banks report a large increase in queries from the media on the safety of using cash. The number of internet searches pertaining to both “cash” and “virus” is at record highs. While search interest in these terms also rose in several East Asian and European countries during the 2009–10 H1N1 pandemic, those statistics are dwarfed by the extent of recent searches.”
The COVID-19 pandemic has caused uncertainties to the global economy at large. These uncertainties have created risks for both companies and individuals around the world at an unprecedented level, including raising questions as to the safety of cash within the payment system. Looking ahead, developments could speed up the shift toward digital payments. This could open a divide in access to payments instruments, which could negatively impact unbanked and older consumers.
For more than a decade, the need to enhance financial inclusion of the unbanked in Nigeria has been high on the list of priorities of the Central Bank of Nigeria (CBN). To address this divide in access to payments, the CBN in 2012 adopted the National Financial Inclusion Strategy (NFIS). The NFIS articulated the demand-side, supply-side and regulatory barriers to financial inclusion, identified areas of focus, set targets, determined key performance indicators (KPIs) and established the implementation structure. The NFIS was built on four strategic areas of agency banking, mobile banking/mobile payments, linkage models and client empowerment.
Innovation in financial technology, often referred to as “FinTech,” is rapidly transforming the global financial sector and is an accelerant to bridging the financial divide. Since 2010, more than US$50 billion has been invested in almost 2,500 companies worldwide as FinTech redefines the way in which we store, save, borrow, invest, move, spend, and protect money. Whilst there is not yet a consensus as to the definition of FinTech, the Financial Stability Board (FSB), defines it as “technologically enabled financial innovation that could result in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services”.
Nigeria has obviously not been left out of the disruption that technology is introducing into the global financial services industry. There is no doubt that the country’s financial system has been receptive to this disruption with the Nigerian FinTech landscape currently consisting of no less than 210-250 FinTech companies, key stakeholders (banks, telecom companies, and the government), enablers and funding partners (i.e., universities and research institutions, investors, incubators, technology, and consumers).
The Nigerian FinTech Industry
The Nigerian FinTech industry offers a wide range of services including innovative payment gateways, digital currencies, lending, insurance, and wealth management which are primarily accessed through the FinTech company’s online and/or mobile banking platforms. Indeed, most of the activity in the industry is focused on payments systems and applications, which helps the users to avoid the need to hold cash or transact business via a bank account.
In response to the considerable growth in the industry, the Central Bank of Nigeria (CBN) introduced the Payment System Vision 2020 (PSV 2020) to fast track the development of FinTech in the country. Furthermore, in demonstration of its commitment to the development of the current FinTech landscape, the CBN issued a circular which set out a proposed licensing regime (Licence Tiering) for Payment System Providers. In this Circular, the proposed licensing regime are:
- PSP Super License for switching, PSSP PTSP, Non-bank Merchant Acquiring and Super agency;
- PSP Standard License for MMO, Super Agency and Non-Bank Merchant Acquiring; and
- PSP Basic License for Super Agency, PSSP and PTSP.
The aim of the proposed licensing regime is to position the CBN to effectively address the emerging issues in the provision of FinTech services such as:
- cyber risk management;
- capital adequacy;
- better-focused regulation; and
- oversight operations.
This proposed licensing regime has however received mixed reactions from operators in the industry, primarily because of the onerous capital requirements.
Alternative lending platforms
There are several alternative lending platforms using FinTech, thus providing loans that can be accessed anywhere without visiting a bank. These alternative lending platforms offer unsecured loans to small and medium-sized businesses at competitive interest rates with attractive payback periods. The friendly interest rates and comfortable loan sizes, which are tailored to the needs of the middle class, have gained alternative lenders significant market share from microfinance banks and other retail-banking divisions of traditional banks.
However, a FinTech company engaging in lending activities may either be subject to the applicable Money Lenders Law of the state in which it operates where its scope is purely localised within the state or register as a financial institution and obtain a licence from the CBN in accordance with the Banks and Other Financial Institutions Act. As FinTech services tend to be across state boundaries by the sheer nature of being electronic in nature, the proper view is that a FinTech company must, depending on the level in the FinTech value chain within which it operates, register with and obtain the proper license with the CBN. Applicable laws may have regulatory capital requirements, place restrictions on the interests that the company can charge or amount that the company can give out as loans to a single obligor.
Digital payments and remittances
The digital payment sector is arguably the most popular and most technologically advanced in the Nigerian FinTech industry. In addition to the regulations specific to payment systems, this sector is primarily governed by the same legal framework as traditional financial institutions providing offline services such as money or payment transfers, clearing, switching and settlement services. Indeed, the CBN has issued numerous regulations and Guidelines, including the PSV 2020 Guideline, which is supposed to promote the growth of mobile electronic payment solutions. Furthermore, recent innovations in this subsector include the adoption of unstructured supplementary service data for payments by banks and non-bank operators. Similarly, banking, and non-banking institutions have created electronic mobile applications to help improve banking transactions and experiences outside the traditional banking hall. Both domestic and international money transfer operators must obtain licences from the CBN before engaging in money transfer services or otherwise be sanctioned.
There are currently no laws in place for reward and equity-based crowdfunding in Nigeria, however, the Securities and Exchange Commission (SEC), on 28 March 2020, exposed its draft Rules on Crowdfunding (Crowdfunding Rules) aimed at regulating the raising of finance by micro, small and medium enterprises (MSMEs) from the public via digital platforms. The Crowdfunding Rules is expected to regulate crowdfunding platforms located within Nigeria, and those outside Nigeria if the crowdfunding activities are targeted at investors in Nigeria. The Crowdfunding Rules set out clear provisions the permitted participants for the purposes of digital crowdfunding (these are issuers seeking to raise capital via crowdfunding; Crowdfunding portals used to crowdfund; and investors investing in crowdfunding investment instruments), the registration requirements and obligations for such participants, as well as provisions on the crowdfunding process.
The Crowdfunding Rules permit medium, small, and micro enterprises (MSMEs) to be Issuers. However, the proposal is that such entities will be required to have a minimum paid up share capital of at least N100 million (now approx. US$255,000) and been operational for at least 2 years. Entities, including complex structures, public listed companies, and their subsidiaries; blind pools; and companies that propose to use the funds raised to provide loans or invest in other entities, are prohibited from being issuers.
There are concerns that the definition of an “Issuer” under the Crowdfunding Rules may effectively “lock-out” many MSMEs as they may not be able to meet the registration requirements prescribed by the Crowdfunding Rules.
The Crowdfunding Rules provide that only “Crowdfunding Intermediaries” (intermediaries organized and registered as a corporation to facilitate transactions involving the offer or sale of securities or investments through an online electronic platform) may register and operate Crowdfunding Portals.
For platforms outside Nigeria, the Crowdfunding Rules apply if these portals are “targeting Nigerian investors” by the operator or representative promoting the platform directly or indirectly in Nigeria.
The Crowdfunding Rules provide additional obligations for digital commodities investment platforms, which include that they only host commodities investment projects on crowdfunding platforms that they do not directly or indirectly control.
Crowdfunding Intermediaries play an integral role in the crowdfunding process as they own and operate the Crowdfunding Platforms and are thus required to be registered with the SEC. A Crowdfunding Intermediary is also required to have a minimum paid up capital of
Regulatory Framework for the Nigerian FinTech Industry
Nigerian financial services legislation applies to most FinTech products and service providers, although there are no laws specifically tailored to the FinTech sector. These laws and regulations provide regulatory and supervisory requirements and spell out the permissible and prohibited activities of financial institutions to promote efficient and sustainable financial services in Nigeria.
There are also several regulations and guidelines that impact on the activities contemplated under FinTech operations. These regulations seek to promote and ensure an effective and sound financial system for the settlement of transactions, including the development of electronic payment systems in Nigeria. They also leverage technology to promote financial inclusion and enhance access to financial services among low-income earners and the unbanked part of the population. Typically, a FinTech company must obtain the requisite license from the relevant regulator before it can engage in the business in Nigeria. E.g., a banking licence must be obtained from the CBN before a FinTech company can engage in lending operations; likewise, money transfer operators, while lending within a state’s territorial jurisdiction requires a money lender’s licence from the state in question. Very soon, crowd funding platforms and crown funding intermediaries will be required to register with SEC before they can become operational. In addition to the foregoing, the general provisions of the law in respect of registration and incorporation of businesses and companies must be complied with, including that every foreign company wishing to carry on business in Nigeria must register a local subsidiary for that purpose. Finally, where a foreign entity intends to supply FinTech products in Nigeria, in addition to incorporating a company, it must comply with certain requirements, such as obtaining a business permit from the Ministry of Interior. Registration with the Nigerian Investment Promotion Council (NIPC) is also advised.
FinTech Services and Data Protection in Nigeria
The regulatory framework for data protection in Nigeria is the Data Protection Data Regulation 2019 (Data Regulation) which seeks to protect the rights of natural persons to data privacy; ensure safe conduct of transactions involving the exchange of personal data; and prevent manipulation of personal data, amongst others. It is important to note that before the Data Regulation was issued, there were a couple of legislations governing data protection in Nigeria. Under the Data Regulation, a Data Controller is expected to ensure that all personal data submitted on its platform is secure against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind or damage. Data Controller is defined as a person who either alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes for and the manner in which personal data is processed or is to be processed. As a Data Controller, a FinTech company would be expected to meet the obligations under the Data Regulation. The Data Regulation also contemplates that as Data Controller, the Company would have a duty of care to the data subject (Users). It provides as follows:
“Anyone who is entrusted with Personal Data of a Data Subject or who is in possession of the Personal Data of a Data Subject owes a duty of care to the said Data Subject”.
As a Data Controller, the FinTech company would also be accountable for its acts and omissions in respect of how the data is processed and would also be obligated to ensure data security.
The Data Regulation also provides for rights which the users of the FinTech company’s products or services, as Data Subjects will have against the company. In addition, the user must also be expressly offered the option to object to use of his/her personal data. Finally, it is important to note that the FinTech company may incur criminal liabilities if there is a breach in the system, and the data of its users becomes compromised. There are also civil liabilities applicable. Thus, where the users are more than ten thousand, the Company may be liable to pay a fine of up to 2% of its annual gross revenue for the preceding year or the sum of N10,000,000 (ten million Naira), whichever is greater. Where the users are less than ten thousand, the Company may be liable to pay a fine of up to 1% of its annual gross revenue for the preceding year or the sum of N2,000,000 (two million Naira), whichever is greater.
Cybersecurity Regulations and FinTech Businesses
The legal framework for cybersecurity in Nigeria is the Cybercrimes (Prohibition, Prevention Etc.) Act 2015. Under the Cybercrimes Act, a service provider is defined as any public or private entity that provides to users of its services the ability to communicate by means of a computer system, electronic communication devices, mobile networks and any other entity that processes or stores computer data on behalf of such communication service or users of such service.
The duties of a service provider under the Cybercrimes Act include:
- keeping all traffic data and subscriber information as may be prescribed by the relevant authority for the time being, responsible for the regulation of communication services in Nigeria, for a period of two years.
- preserving, holding, or retaining any traffic data, subscriber information, non-content information, and content data at the request of the relevant authority or any law enforcement agency
- complying with the provisions of the Act and disclose information requested by any law enforcement agency or otherwise render assistance however in any inquiry or proceeding under the Act
- providing assistance towards the identification, apprehension and prosecution of offenders, identification, tracking and tracing of proceeds of any offence, equipment or device used in the commission of any offence or the freezing, removal erasure or cancellation of the services of the of the offender which enables the offender to either commit the offence, hide or preserve the proceeds of any offence or any property, equipment or device used in the commission of the offence at the request of any law enforcement agency in Nigeria or at its own initiative,
Any service provider who contravenes the above provisions, will be guilty of an offence under the Act. Consequently, to the extent may be regarded as a service provider within the provisions of the Act, it would be expected comply with the above provisions and provide its services in accordance with the provision of the Act.
The Act also prohibits the interception of electronic messages, e-mails and electronic money transfers, computer-related forgery, and fraud, unauthorised modifications of computer systems, network data and system interference, and the manipulation of automated teller machines and point of sale terminals.
FinTech and Consumer Protection laws and regulations in Nigeria
Several consumer protection laws and regulations are applicable to the FinTech industry in Nigeria. They include but are not limited to the following:
- the Federal Competition and Consumer Protection (FCCP) Act 2019, which established the FCCP Commission which is charged with the responsibility of protecting consumers by taking both preventive and remedial measures in respect of consumer products and services. The objective of the FCCP Act which is to encourage healthy competition among service providers and the function of the Commission also includes the identification of anti-competitive products, anti-consumer protection and restrictive agreements and practices which may adversely affect the economy. The FCCP Act also regulate merger control in Nigeria and in this regard provides that a merger occurs “when one or more undertakings directly or indirectly acquire or establish direct or indirect control over the whole or part of the business of another undertaking.” Under the FCCPA, control of by undertaking over the business of another (target) involves (amongst others) the direct or indirect:
- ownership of more than 50% of the issued share capital or assets of the target
- entitlement to cast or control a majority of the votes at a general meeting of the target
- ability to appoint or to veto the appointment of a majority of the directors of the target
- ability to materially influence the policy of the target.
A merger may be achieved in any manner, including through the purchase or lease of the shares, an interest or assets of the other undertaking, the amalgamation or other combination with the other undertaking, or a joint venture. Thus, where any company intends to take “direct or indirect control” of any FinTech company in Nigeria, and such transaction forms within the permitted threshold (combination of assets or turnover is more than US$2.5million) the review and approval of the Commission will be required. The consent of SEC may be required where the FinTech company is a public company, the appropriate notifications and disclosures may need to be made by a FinTech company listed on The Nigerian Stock Exchange; and the consent of CBN may also be required for a CBN licensed FinTech company. The aim of the FCCPC review is to determine if the merger would substantially prevent or lessen competition.
- the CBN Consumer Protection Framework 2016, which applies to financial institutions under the regulatory purview of the CBN including FinTech entities imposes a burden on financial institutions including FinTech companies to maintain the confidentiality and privacy of all financial services customers. FinTech companies must ensure that the appropriate data protection measures and employee training programmes are in place to prevent unauthorised access to or alteration, disclosure, accidental loss, or destruction of data.
Protection of IP rights inherent in FinTech innovations
The regulatory framework for the protection of intellectual property rights in Nigeria are enshrined in the following legislations:
The objective of these laws is to respectively protect rights over:
- literary works including software programs
- industrial designs and inventions
- industrial designs, inventions and improvements on existing patented inventions which are capable of industrial application, including computer programs; and
- registered trademarks.
Under the Patents and Designs Act, an invention is patentable if it is new, results from inventive activity and is capable of industrial application or if it constitutes an improvement upon a patented invention and also is new, results from inventive activity and is capable of industrial application. Indeed, software and apps qualify as patentable inventions provided, they are new and result from inventive activity. Consequently, in order to protect a design under the Patents and Designs Act, the Company would have to make an application to the Patent and Designs registry in the prescribed form for the design to be granted patent protection under Nigerian law. A patent is granted for twenty (20) years and during this period, the inventor maintains exclusive right to use the patented invention.
The company is also advised to register any mark it uses in the businesses (this includes a device, brand, heading, label, ticket, name, signature, word, letter, numeral, or any combination thereof) for protection under the Trade Marks Act to protect any other person from using the mark or any other mark so similar to it as to be likely to deceive.
With the current industry trend and appropriate policy drive, there is no doubt that Nigeria can lead the growth in non-cash transaction volume in sub-Saharan Africa. According to the Enterprise Development Centre (EDC) of the Pan African University, the percentage volume of non-cash transaction in Nigeria is expected to grow 39.0% faster than the 21.0% forecast for Sub-Saharan Africa and 9.0% for the global market. Furthermore, the total transaction volume of non-cash transaction in Nigeria is expected to increase from 4.7% at the end of 2018 to 17.8% in 2023. These projections preceded the disruption caused by COVID-19, which can only hasten the continued roll out of FinTech, as an enabler of business.
Undoubtedly, there are still infrastructural challenges to the continued accelerated development of FinTech in Nigeria, and Nigerian policymakers will need to fill the large existing hard infrastructure gap, choose the appropriate mix of energy sources to generate electricity, and improve the governance of public utilities to ensure an adequate provision of electricity and internet services. However, to do so they will need to complement their scarce public resources with domestic and foreign private financing as well as concessional resources. In turn, policymakers will need to mitigate the risks associated with investing in infrastructure projects in their countries (Gutman, Sy, and Chattopadhyay 2015) Consequently, investment in infrastructural development presents additional investment opportunities in Nigeria, in addition to the FinTech space. In April 2020, the Governor of the CBN announced its intention to establish a world class infrastructure development vehicle, wholly focused on Nigeria, with combined debt and equity take-off capital of N15 trillion (approx. $39 billion) and managed by an independent infrastructure fund manager. The InfraCo fund will be utilized to support the Federal Government of Nigeria in building the transport infrastructure required to move agriculture products to processors, raw materials to factories, and finished goods to markets, in a bid to drive a self-sufficient Nigerian economy. Economic development increases the growth and profitability of companies in Nigeria as a whole, and most especially FinTech companies, as preferred payment infrastructure. Little wonder, the FinTech industry is now considered to be providing key support to the financial services industry. With the size of the industry and its current growth rate, there is obviously no better time than now to explore the untapped opportunities in the industry.
The information and opinions in this publication are provided for general information only. They are not intended to constitute legal or other professional advice. If you would like additional information, please contact the author at [email protected]
© All Rights Reserved. Sefton Fross is a leading full-service law firm in Nigeria internationally recognised for its expertise in corporate, commercial and mergers and acquisitions.