CBN open banking plan draws focus to risks, cybersecurity, data breach, fraud

BY CHARLES ABUEDE

Data, they say, is power, and open banking in an economy like Nigeria has the power and potential to revolutionise the financial services landscape for all stakeholders (customers, traditional banks and regulators) as it brings about that fundamental shift from a closed model to a model which allows for the full authorisation and central control of information sharing by the customer to financial and non-financial services providers.

The Central Bank of Nigeria (CBN), last week, introduced the operational guideline for the operation of open banking in Nigeria in its efforts to enhance competition and innovation in the banking system. But the move by the CBN is raising concerns from different quarters on the secrecy of customers’ information and the issue of data breach and information security which, without any doubt, Nigeria’s traditional financial institutions have made giant strides in while maintaining a monopoly of this information.

According to an explanatory note by PwC, Open Banking is a blanket financial services term used to describe the use of open technologies by third-party providers (TPPs) to build services and applications around financial institutions. It provides guidance on how TPPs can access and utilise customer bank data in a standard format to provide more open, transparent and competitive banking services.

However, open banking recognises the ownership and control of data by customers of financial and non-financial services, and their right to grant authorisations to service providers for the purpose of accessing innovative financial products and services. This, the apex bank anticipates to drive competition and improve access to banking and payments services.

For the CBN, the move is to bring about established principles for the sharing of data across the banking and payments system to promote innovations and broaden the range of financial products and services available to bank customers. To this, it said stakeholders involved shall adhere strictly to security standards when accessing and storing data, and shall be subject to minimum privacy standards, operational standards, risk management standards and customer experience standards as prescribed by the CBN.

Guidelines to the operationalisation of open banking in Nigeria, according to the CBN, include the provision of clear responsibilities and expectations for the various participant categories; ensuring consistency and security across the open banking system; stipulating safeguards for financial system stability under an open banking regime; to promote competition and enhance access to banking and other financial services and then, outline minimum requirements for participants.

Before now, the drive toward open banking in Nigeria has seen various developments and efforts to create a uniform standard in the Nigerian banking sector, including the initiatives for the Nigeria Uniform Bank Account Number (NUBAN), Bank Verification Number (BVN) and NIBSS Instant Payment (NIP). These standards have opened up for the expansion and security of the payment ecosystem, landing Nigeria a position in the top five attractive countries for foreign direct investment in Africa.

In spite of all the signs of progress so far, the integration standard among the banks is still to be addressed making it a multifarious integration landscape across the industry. If banks adopt a uniform API standard, there would be more seamless integration with fintech leading to cheaper operating costs and enhanced customer experience. On the other hand, with the progression of open banking, there will be a drastic change in the ecosystem as innovators will be a part of the big table. And by means of making data and systems available to third parties, banks can expand their addressable market, achieve product diversity and commercialise core systems.

In Nigeria, nevertheless, integrating with banks and the financial network has been a complex thread; and anecdotally, as much as 90 percent of all integration projects with banks either fail or are significantly delayed, thus rendering them out-of-date. At this time, startups have to integrate with each bank, which could last months or even years. Even in the case where two banks use the same software, such as Finacle or Flexcube, the technical approach poses a barrier due to the uniqueness of and customised elements within each implementation. With all these challenges, it becomes imperative for a common standard and language for financial services providers to converse; and this is where Open Banking in Nigeria comes into play.

Meanwhile, across the globe, forms are transforming into entering into treaties to share financial data through channels, including APIs. For illustration, in the United States of America (USA), Wells Fargo Bank announced a partnership with Xero (Financial Software Provider) to share all transactions performed in the bank account with the accounting software. Singapore has also launched a large Fintech market built largely around APIs to regulate banking activities.

Other cases for the launch of open banking include the announcement by Finextra that BBVA has officially launched its Banking-as-a-Service platform in the US, using APIs to let firms offer their customers financial products without having to take on full banking themselves. Companies simply plug into a core digital platform and then access APIs including, Move Money, Identity Verification, Account Origination, and Card Issuance services. Also, in Australia, a new data-sharing regime which gives consumers greater access to, and control over, their data, permitting accredited third parties to receive banking data when customers provide express consent for it to be used for a specific purpose took effect July 2019 and other developments in the UK and some parts of Europe and, then, the 2017 open banking framework introduced by the Hong Kong Monetary Authority.

Although the major question banks and other financial services providers may have to ask is: ‘Do I have an inventory framework to know what data has been shared and received and how am I using it?’ Here, all parties involved need to be clear on who sent the data, why and what the data is going to be used for.

Without a doubt, open banking does come with risks and most conversations and concerns around open banking include privacy breaches, data security, cybercrime and fraud. Although open banking does have the potential to magnify the breach and cybersecurity risks when they happen, this could mean financial and reputational exposure for the affected organisations. However, the financial services sector is one of the most secure sectors in Nigeria and PwC experts envisage players will be able to improve their existing security posture to cater to specific open banking threats.

The journey to the acceptance of open banking in Nigeria is very much ongoing, and appears to have a lot of drive. At the moment, legacy banks like First Bank and Union Bank; modern banks like Sterling Bank, FCMB, Fidelity Bank and Heritage Bank; and even neo-banks such as Kuda, Sparkle, VFD Bank and Rubies are on board on the drive. They join the diverse group of providers and partners helping to transform the digital experience in Nigeria.