The wave of technological advancement in the world has brought about a metamorphosis in different facets of human endeavour. In Nigeria, the financial industry has been at the fulcrum of this metamorphosis. The need for easy and fast payment gateways, financial inclusion/literacy and increased financial services to underbanked and underserved communities has stimulated the rise of financial technology (FinTech) aimed at resolving existing issues in the sector. Similarly, the thriving of FinTech in the country has been enabled by a bourgeoning youthful population that answers to the sobriquet “smart-phone generation.” This boom in the ‘smart-phone generation’ has led to the volcanic eruption of FinTech companies in the country. Presently, Nigeria is home to over 250 FinTech companies, not mentioning the vast variety of FinTech solutions which are offered by traditional banks and mobile network operators. The financial impact of this phenomena is massive as Nigeria’s FinTech environs raised more than $600 million in funding, attracting 25 percent ($122 million) of the $491.6 million raised by African tech startups in 2019 alone, between 2014 and 2019. (McKinsey Report, 2020). Even recently, the media was awash with the news of Paystack, a Nigerian FinTech company joining Stripe through an acquisition deal worth over $200 Million. According to Frost and Sullivan, Nigeria’s FinTech revenue is expected to reach USD $543.3 million in 2022 from US$153.1 million in 2017.
Given the vast activity in the FinTech ecosystem in Nigeria, this work moves to appraise the existing regulatory framework by offering insight into the legal and institutional framework guiding FinTech in Nigeria. Whether or not the regulatory framework is adequate or well-structured is an issue that will be addressed in the course of this work.
2.0 UNDERSTANDING THE TERM FINTECH
FinTech is a concept that is abbreviated from two words- Financial and Technology. Simply put, it is a structured system whereby technology companies and financial institutions use technological innovations to foster financial services, increase access to finance and drive financial literacy. It is an all-encompassing concept that represents how technological innovations challenge and change the old time, traditional methods of service delivery in the financial sector.
The Nigerian FinTech industry offers products/services which include provision of payment gateways, savings and investment services, loans to SMEs and individuals with jobs, banking services. For instance, PiggyVest helps their customers with savings and investments and provides a seamless service where access is via the use of a mobile app. Also, banking services have been simplified by FinTech platforms such as Kuda bank, Alat by Wema, VBank, among others. With these platforms, opening of a bank account, mobile transfers, online payments, deposits and withdrawals are easily achieved by mobile apps. Paystack offers a modern, secure payment gateway that facilitates local and international payments.
Apparently, FinTech services cut across different sub-sectors which include consumer/small and medium-sized enterprise (SME) lending, Mobile and online banking, Digital Payments (Mobile Money/E-wallets, USSD Financial Services, International Money Transfer), Data Protection and Privacy, Distributed Ledger Technology (Blockchain, Cryptocurrency), Cybersecurity, Asset management (savings/investments), Alternative financing (crowdfunding/peer-to-peer lending), Intellectual Property and Innovation.
3.0 FINTECH REGULATION IN NIGERIA
As obtainable in other sectors in Nigeria, FinTech is not without regulation. On the surface, there is no holistic FinTech Act to cover all regulatory aspects of FinTech but there are different regulations that have been made by the core institutional body, the Central Bank of Nigeria as well as other regulatory bodies that regulate areas that cut across FinTech. These regulations are examined in detail, in the paragraphs that follow.
THE LEGAL FRAMEWORK FOR THE REGULATION OF FINTECH IN NIGERIA
- CBN REGULATIONS
Regulation of FinTech in Nigeria is overseen by the Central Bank of Nigeria. Over the years, several guidelines and regulations have been established by the CBN. These regulations affect mobile payment, international money transfers and FinTech innovation, and also seek to tackle issues such as risk management, cyber risks, capital adequacy, etc. Different regulations apply to different FinTech companies depending on the type of services offered. An overview of the regulations is presented below:
- The Guidelines on International Money Transfers 2014
This prohibits persons and institutions from providing international money transfer services without a licence from the Central Bank of Nigeria (CBN), upon application to the director of the Trade and Exchange Department. To enable operations, FinTech companies operating in the e-commerce and m-commerce sectors must be licensed by the CBN under the terms and conditions set out in the guidelines before they can operate. Some FinTech companies have therefore partnered with licenced organisations and use their platforms to carry out their transactions.
- Guidelines on Mobile Money Services in Nigeria, 2015
This applies to companies that provide mobile payment services. The objectives of the Guidelines include:
- To ensure a structured and orderly development of mobile money services in Nigeria, with clear definition of various participants and their expected roles and responsibilities.
- Specification of the minimum technical and business requirements for the various participants recognized for the mobile money services industry in Nigeria.
- To promote safety and effectiveness of mobile money services and thereby enhance user confidence in the services.
The scope of the Guideline extends to models, agent network, business rules, roles and responsibilities of participants under mobile money services in Nigeria.
- The Guidelines on the Operation of Electronic Payments 2016
This regulates payments from automated teller machines, point of sale machines and mobile point of sale devices, as well as those made via the Internet.
- Regulation for Bill Payments in Nigeria, 2018
This regulation was issued by the CBN to document the minimum standards to be complied with for the processing for bill payment transactions, identify stakeholders in Bill payment system, ensure the achievement of the vision of a ‘nationally utilized and international recognized’ payment systems in Nigeria and ensure the adequate protection for the stakeholders in the Bill Payment system space. The regulation covers bill payments through various payment channels and any payment platform that seeks to integrate commercial payment activity and merchant aggregators in Nigeria. Payment methods include cheques, cards, direct debits, instant payments, and automated clearing houses.
- Guidelines for Licensing and Regulation of Payment Service Banks in Nigeria, 2018.
Payment Service Banks (PSBs) operate mostly in rural areas and unbanked locations so as to service people who otherwise would be excluded from financial services. Since PSBs are not standard banks, there are limits on their activities and the services they can provide. The Guidelines for Licensing and Regulation of Payment Service Banks in Nigeria is that CBN regulation which guides the operations of PSBs. By the guidelines, PSBs can accept deposits from individuals and small businesses, execute payment using different payment channels, issue debit cards in their name, render financial advisory services and invest in FGN and CBN securities. PSBs are not allowed to grant loans, accept foreign currency deposits, deal in the foreign exchange market (except of personal remittances within Nigeria) or underwrite insurance.
- Framework for the use of Unstructured Supplementary Service Data in Nigeria, 2018
In response to the increasing use of mobile phones to enhance financial services and inclusion, the CBN provided regulations to prevent the abuse/breach of unstructured supplementary service data financial services in Nigeria. The regulatory framework affects the eligibility of providers to use USSD shortcodes, data protection and security requirements for financial institutions providing use of USSD, sufficient dispute resolution mechanisms and mandatory service level agreements. It equally provides sanctions in the event of a breach.
- Risk-Based Cybersecurity Frameworks and Guidelines for Deposit Money Banks (DMBs) and Payment Service Providers (PSPs), 2019
This is a comprehensive guideline by the CBN to reinforce cybersecurity in the FinTech space. The Cybersecurity guideline covers five major parts viz Cybersecurity Governance and Oversight, Cybersecurity Risk Management System, Cybersecurity Operational Resilience, Metrics, Monitoring & Reporting and Compliance with Statutory and Regulatory Requirements.
- Framework for Regulatory Sandbox Operations, 2021
The CBN issued the framework for regulatory sandbox operations on the 13th of January, 2021. The framework relates to payment solutions and emerging disruptive technology in the financial service scene. The regulatory sandbox permits FinTech innovators to conduct live tests of their products. The live tests are to be conducted in a highly controlled environment under the supervision of a regulator. The aim is to give the regulators an understanding of how the innovations would work in order to know how to regulate them. At the foundation of this regulation is the need to promote financial technology that would bring about financial inclusion and bring about the overall improvement of financial services in Nigeria. The regulatory sandbox is averse to risk on consumers as Applicants are required to identify the potential risks that may arise from the testing of the products.
- Framework for Quick Response (QR) Code Payments in Nigeria, 2021
The Framework defines QR Codes as matrix barcode representing information presented as square grids, made up of black squares against a contrasting background, that can be scanned by imaging device, processed and transmitted by appropriate technology. These codes are used to present, capture and transmit information relating to payments. The Framework therefore aims at ensuring the adoption of appropriate QR code standards for safe and efficient payments services in Nigeria.
- DATA PROTECTION/PRIVACY
The National Data Protection Regulation, 2019 (NDPR) is the most comprehensive existing regulation on data protection Nigeria.
The objectives of the Data Protection Regulation 2019 include:
- Safeguarding the rights of natural persons to data privacy;
- Promoting the safe execution of transactions involving the exchange of personal data;
- Preventing the manipulation of personal data; and
- Ensuring the competitiveness of Nigerian businesses in international trade.
The scope of the regulation includes all transactions intended for the processing of personal data i.e information relating to an identified or identifiable natural person, including names, addresses, photographs, e-mail addresses, bank details, posts on social networking websites, medical information, IP address, IMEI number, IMSI number, SIM and others. FinTech companies as Data controllers are required to protect the privacy of natural persons in Nigeria, and those of Nigerian descent residing outside Nigeria.
- IP AND INNOVATION
FinTech innovation is protected by the Nigerian intellectual property law. The Nigerian Copyright Act (Cap C28, Laws of the Federation of Nigeria, 2004) protects software and computer programs that enable FinTech applications and platforms. Although the Copyright Act does not expressly mention software, computer programs or APIs as subject matter or copyright protection, it suffices that the software, program or API is reduced to writing and passes the test of originality.
The Patent and Designs Act (Chapter P2, Laws of the Federation of Nigeria, 2004) provides protection for the technical and functional aspects of FinTech innovations. Such aspects must pass the test of novelty, inventive activity and industrial application. FinTech companies could also choose to apply for Trade Secret protection to protect their confidential processes, manual, algorithms, etc.
Also, the Trademarks Act (Chapter T13, Laws of the Federation of Nigeria, 2004) provides a legal framework for the protection of the trademark of FinTech companies- brand name, logo, icon, marks, phrases- so as to distinguish it from other FinTech players in the scene.
Cybersecurity threats are prevalent in the FinTech sector. To this end, the Nigerian Cybercrime (Prohibition, Prevention etc.) Act of 2015 constitutes the legal framework for the prohibition and prevention of all forms of cybercrimes.
THE INSTITUTIONAL FRAMEWORK FOR THE REGULATION OF FINTECH IN NIGERIA
In as much as there are laws to regulate FinTech in Nigeria, these laws would be mere toothless bulldogs if there are no institutions to enforce them. To this end, there are different authorities/institutions that regulate the FinTech ecosystem in Nigeria. These authorities/institutions are appraised in the paragraphs that follow:
- THE CENTRAL BANK OF NIGERIA
The CBN is the apex monetary authority in Nigeria. It is entrusted with the core responsibility of regulating financial services in Nigeria and their effectiveness in this regard is evident through the diverse regulations passed by the CBN over the years. It governs most FinTech players in Nigeria, including banks and other financial institutions, by virtue of the Banks and other Financial Institutions Act.
- SECURITIES AND EXCHANGE COMMISSION
The Securities and Exchange Commission is the main regulatory institution of the Nigerian capital markets. The Commission has been involved in the regulatory purview of FinTech over the years. Back in 2018, the Commission inaugurated a FinTech Roadmap Committee in order to develop a regulatory framework for the operation of FinTech firms and Startups in Nigeria. In 2020, SEC also released a proposal for crowdfunding rules seeking to regulate FinTech-based fundraising and this was approved in 2021.
- CORPORATE AFFAIRS COMMISSION
The Corporate Affairs Commission regulates and supervises the formation, incorporation, management and winding up of FinTech companies.
- NIGERIAN COMMUNICATIONS COMMISSION
The Nigerian Communications Commission (NCC) regulates FinTech companies that act as mobile network providers pursuant to the Licence Framework for Value Added Service issued by the NCC.
- NATIONAL INFORMATION TECHNOLOGY DEVELOPMENT AGENCY
When it comes to data protection and privacy, a core phenomenon that exists in FinTech, NITDA exists as a regulatory body, to implement and enforce the NDPR 2019. NITDA’s role as an agency of the Federal Ministry of Science and Technology is to develop, regulate and advise on Information Technology (IT) in the country through regulatory standards, guidelines and policies. As it concerns FinTech companies, NITDA exists to enforce principles on data protection and privacy as this is at the core of their mandate. Where these companies are in breach, it is NITDA’s duty to investigate and issue appropriate sanction.
APPRAISAL OF THE REGULATORY FRAMEWORK FOR FINTECH IN NIGERIA
Gleaning from the foregoing, it is apparent that Nigeria’s FinTech space is largely regulated, with the Central Bank of Nigeria as the key regulator. The existing laws and institutions have facilitated the regulation of some aspects of FinTech over the years.
However, there are glaring concerns bothering on other sparsely regulated areas of FinTech, particularly areas that have inadequate or incomprehensive legislation. One of such areas is cloud computing. The impact of cloud computing on FinTech cannot be overemphasized. With cloud technology, FinTech companies are able to store, manage and process data on the internet, without necessarily using a server. Regulation of cloud computing in Nigeria is currently incomprehensive. Since data centers are considered as IT infrastructure, the NCC makes attempt to regulate in this regard. The NDPR also applies with respect to the data collated. However, a well-defined licensing requirement for the provision of cloud services is still lacking. As a result of this, regulatory compliance issues cannot be raised or addressed.
Another sparsely regulated area of FinTech in Nigeria is Artificial Intelligence (AI). At best, attempts have been made by NITDA to regulate some aspects of AI. The above notwithstanding, FinTech companies, start-ups and banks in Nigeria are making glaring use of AI-FinTech development. For example, banks in Nigeria now use AI-powered bots to assist customers with opening accounts, transferring funds and lodging complaints. Notable examples are LEO by United Bank of Africa and ADA by Access Bank.
Similarly, when it comes to Distributed ledger technology- blockchain, cryptocurrencies-, the regulatory framework is somewhat sketchy. The Securities and Exchange Commission (SEC) on the 14th of September 2020, had issued an official statement on the classification and treatment of digital assets like cryptocurrencies in investments. The force and effect of this statement is yet to be ascertained as it would have been if same position were communicated as a law, regulation or guideline. Nigeria could borrow a leaf from Malta, a country considered as a ‘blockchain island’ where their Parliament unanimously passed three bills into law- Innovative Technological Arrangement and Services Act, Malta Digital Innovation Authority Act and Virtual Financial Asset Act- for the purpose of regulating blockchain related technologies. The country even instituted the Malta Digital Innovation Authority with a sole mission of enhancing the development of blockchain technology in the country. This level of deliberateness shows efforts to put adequate legal framework in place, as opposed to the issuance of a mere statement.
True to its aim, this work has given an insight into the legal and institutional framework guiding FinTech in Nigeria. The adequacy of these regulations has been duly analyzed, given the expanding frontier of FinTech generally. In view of this, periodic review of these regulations is expedient, as well as the enactment of new laws bothering on the expanded frontiers.
The regulatory regime for FinTech companies in Nigeria, although highly beneficial, is on the reverse, a challenge for FinTech companies. The issue with this is the fact that there are too many licenses for existing and upcoming FinTech companies from different regulators, most of which do not clearly define roles of FinTech companies with respect to regulatory compliance. A major disadvantage of this would be the discouragement of potential investors who would provide the needed funding for startup FinTech companies to thrive. The regulatory framework provided by the CBN alone is fragmentary and the harmonization of these different regulations could bring about ease in this regard. Ultimately, the goal of providing an enabling business environment for FinTech companies to thrive will be achieved.
 An Overview of The Regulatory Framework of FinTech In Nigeria – https://www.mondaq.com/nigeria/fin-tech/829922/an-overview-of-the-regulatory-framework-of-FinTech-in-nigeria?type=popular
 The Future of FinTech in Nigeria (2019) Report by the FinTech Roadmap Committee of The Nigerian Capital Market.