Nigeria Central Bank’s Perspective on Open Banking
By Charles Ogbonna
The Central Bank of Nigeria (CBN) recently unveiled a document that articulates is regulatory aspirations for what is commonly described as “open banking” in Nigeria.
Essentially it’s a new framework for the sharing of data among actors in the banking and payments system, which enables seamless transaction of business as well as the expansion of innovative financial and business products using an application programming interface (API). It’s a system that could, for instance, allow a chain store gain access to some basic banking information of a prospective buyer for the purposes of giving credit.
“Open banking recognizes the ownership and control of data by customers of financial and non-financial services and their rights to grant authorization to service providers for the purpose of accessing innovative financial products and services,” said the CBN in a statement on its website. “This is anticipated to drive competition and improve accessibility to banking and payment services.”
Towards achieving Nigeria’s economic goals, the CBN is keen to ensure that clear lines of responsibilities and expectations for all participants, providing consistency and security across the open-banking system, stipulating safeguards for financial stability whilst all the while promoting competition and enhancing access to financial services for citizens.
Beyond outlining the minimum requirements for participation, the CBN plans to maintain an Open Banking Registry to help it maintain regulatory oversight, enhance transparent conduct and ensure that only duly registered organizations are within the ecosystem. Potential participants have been classified into three broad categories:
- API providers( AP).They are participants that provide the API used to access data or a service.
- API consumers ( AC): These are participants that use API released by the ( API) providers to access data services.An API consumer can be a licensed financial institution/ service provider, an FMCG or other retailers, pay Roll Service Bureau and so on.
- Customers: These are the data owners and end users that may be required to provide consent for the release of data for the purpose of accessing financial services.
To ensure that it all works according to plan, participants shall be identified by their unique corporate registration numbers in the Open Banking Registry. They’re also required to main APIs that will serve as the primary means of engaging users and consumers.
The CBN has also outlined responsibilities and commitments to be met by participants as follows:
- On configuration management, there should be detailed inventory or open banking configuration items which shall be kept in accordance with ITIL V3 (the third level of Information Technology Infrastructure Library) standards, a universally accepted set of practices for managing information technology. At the minimum, the inventory shall be electronically searchable for registered participants.
- An automated configuration management process that has been approved by an IT steering committee at the executive level.
- A log of all changes within the configuration management system, audited on a quarterly basis or more frequently.
- It should also have a configuration data base with logical listing, defined configuration items, physical listing of systems and specifications, and a diagnostic assessment tool to identify points of failure.
For the purpose of accounting and payment settlements, the CBN guidelines require that:
- Operations involving movement of funds within the API providers domain must shall be recorded at the account level of the API consumers involved.
- Metrics used for billing shall be definitely agreed and included in the service level agreement.
- Separate accounts for principal and fees collection should be maintained.
For the purpose of monitoring the services, the guidelines require providers to:
- Monitor infrastructural and API level performance, internally monitor hardware hypervisor operating system application metrics at the functional level.
- Collect performance metrics for all API transactions, metrics that shall be frequently stored.
- Implement monetary policies that alert( visually or otherwise) first level support, as well as personnel to identify suspicious and critical occurrences.