Download compliance checklist for financial institutions in Nigeria
DOWNLOAD OUR LATEST WHITEPAPERREGULATORY OVERVIEW
The banking sector in Nigeria, as with other sectors, has witnessed tremendous change in recent years. In particular, Nigerian banks have adopted a radical Information Communication Technology drive and are relying on various IT platforms for the provision of faster and more efficient banking solutions to their customers. Nigerian banks have identified the significant benefits and competitive opportunities offered by cloud services, such as agility, scalability, cyber resilience and secure access. The Central Bank of Nigeria (CBN) has acknowledged many of these benefits1. Cloud is expected to drive a rapid transformation in the Nigerian financial services sector as more institutions move to the cloud as part of the reassessment of their technology strategies. This includes testing and development of data analytics solutions, communications, CRM and business productivity applications.
Nigeria is witnessing great development in the financial service sector. New payment systems are emerging and FinTech has received significant interest to provide, for example, financial inclusion2 We expect that the Banks Verification Number which was introduced by the CBN in 20143 will improve collaboration and facilitate asset risk analytics to enhance decision making.
In principle, the financial services industry and the applicable regulators are open to cloud adoption provided concerns related to issues like privacy, control, and transparency are appropriately addressed4. In a highly regulated sector such as the financial services sector, it is however crucial to ensure that any move to the cloud complies with applicable regulation, and achieves the obvious benefits without undue risk.
MICROSOFT'S COMMITMENT TO THE NIGERIAN FINANCIAL SERVICES SECTOR
We believe that no cloud services provider has more experience of delivering compliant solutions to financial institutions in Nigeria than Microsoft. Having helped a number of financial institutions move to the cloud, Microsoft recognises that the role of the cloud service provider is to help facilitate compliance through full, transparent, proactive engagement with the financial institution and where appropriate, with financial regulators. Through this process of collaboration over a number of years (with both customers and regulators), Microsoft has developed excellent experience and a pool of practical resources to help financial institutions move to the cloud in a way that meets the highest compliance, risk and security standards.
From sharing product and service information in the initial project scoping phase through to assisting in any required consultation with financial regulators in Nigeria, Microsoft stands ready to support our financial services customers in Nigeria. Microsoft has already initiated plans to deliver the Microsoft Cloud - including Microsoft Azure, Office 365 and Dynamics 365 - from data centres located on the African continent, which will offer enterprise-grade reliability and performance to customers across Africa.
In addition, our subject-matter experts are available to understand your requirements and provide detailed information on the technical, contractual, regulatory and practical aspects of any cloud project. This is all part of our commitment to helping our financial services customers smoothly navigate their way to the Microsoft cloud with confidence and enjoy the benefits of the digital transformation.
THE REGULATORY ENVIRONMENT
The current financial services industry in Nigeria is characterized by a cohesive regulatory regime, with the Central Bank of Nigeria (the "CBN") being the major regulator for banks pursuant to the Central Bank of Nigeria Act, 2007. Other financial institutions, including those in the capital markets and the insurance sectors, pension funds and collective investment schemes are supervised by separate market regulators.
-
Currently, the banking industry in Nigeria is regulated by the CBN, the insurance industry by National Insurance Commission, and the pension industry by the National Pension Commission. The Security and Exchange Commission however has overarching responsibility for financial institutions other than banks, such as capital markets, primary investment of pension funds and collective investment schemes.
-
Cloud services are in principle permitted.
-
There is presently no specific regulation for cloud services in Nigeria.
For a bank, with respect to its move to the cloud, the following should (in addition to its other regulatory and compliance obligations5) be noted:
- Outsourcing rules: There are presently no specific rules regulating outsourcing of banking operations in Nigeria;
- (ii) banker-client confidentiality: A bank must maintain client confidentiality in respect of customer information. Banking secrecy covers information relating to the customer's account, the customer's transactions with the bank and information relating to the customer acquired through the keeping of his account. The duty to respect privacy and confidentiality is recognised under Nigerian law as a right to which a bank customer is entitled; and
- (iii) the CBN recommends that a bank complies with its IT Standards Blueprint.6
The Nigerian Insurance Act currently does not regulate outsourcing by insurers.
A move to the cloud by a bank or insurer will likely remain subject to the following key principles: (i) the financial institution remains responsible for the function (ii) the arrangement must not compromise the services provided to clients; (iii) privacy and (iv) the services must be regularly monitored.
-
Generally, approval is not required.
-
A bank must at all times be able to provide the CBN with necessary information and ensure the right of the CBN to carry out its supervisory functions and objectives, including the right to access information and on-site visits if the CBN considers necessary
-
Under the National Information Technology Development Agency Guidelines on Data Protection (the "Draft Guidelines"), personal information may be transferred out of Nigeria provided the requirements of the Draft Guidelines are met.7 The Draft Guidelines will permit the transfer of personal information outside Nigeria where adequate provisions are in place for its protection. This could take the form of legislation or contractual provisions which ensure adequate protection of personal information or could be sanctioned by consent of the data subject.
Microsoft holds itself accountable to and is subject to laws of general application applicable to information technology service providers, and has binding agreements which, in our view, provide adequate protection. In addition, Microsoft adheres to the EU Model Clauses as well as the EU Privacy Shield and the ISO 27018 Privacy Standard. Microsoft also ensures compliance with the EU General Data Protection Regulation (GDPR) which came into force in May 2018.
-
1 In the Nigerian Banking Industry Information Technology Standards Blueprint issued by the CBN (paragraph 6.1.1), it notes that benefits can include cost efficiencies, an elastic utility computing environment that supports on-demand scalability, convenience and continuous availability, back-up and recovery, and storage capacity.
2 Central Bank of Nigeria Guidelines on Mobile Money Services in Nigeria
3 Central Bank of Nigeria Regulatory Framework for Banks Verification Number Operations in Nigeria
4 Some of the risks noted by the CBN include risks of security, privacy, dependency, vulnerability and downtime (see Nigerian Banking Industry Information Technology Standards Blueprint issued by the CBN, paragraph 6.1.1).
5 Including under the Consumer Protection Framework.
6 Nigerian Banking Industry Information Technology Standards Blueprint issued by the CBN, which sets out the CBN's recommended framework and standards, and offers guidelines for a bank in relation to its engagement of information technology vendors and service providers.
7 Paragraph 4.1.8 of the National Information Technology Development Agency Draft Guidelines on Data Protection in Nigeria
WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES
Security
We build our services from the ground up to help safeguard your data
Privacy
Our policies and processes help keep your data private and in your control
Compliance
We provide industry-verified conformity with global standards
Transparency
We make our policies and practices clear and accessible to everyone
INDUSTRY RESOURCES
Responding to the evolving cyber threat landscape in the financial services sector.
With the threats of cyberattacks becoming an ever-increasing problem in today’s financial landscape, the need for cybersecurity and protection of data and information has become of utmost importance. Find out what you can do to improve your security stance against cyberattacks.
INDUSTRY RESOURCES
RECOMMENDED RESOURCES
AI in Africa
Download the full whitepaper to learn more about the future of AI in Africa.
The Future Computed
Artificial Intelligence and its role in society
GDPR
Safeguard individual privacy with the Microsoft Cloud
Digital Transformation in the Cloud
Partnering with Microsoft helps your organization transform into a digital company by developing new capabilities.
Cloud for Global Good
A roadmap to a trusted, responsible, and inclusive cloud
CUSTOMER STORIES
Anglo-Gulf Trade Bank (AGTB)
Trade finance has become an option for the few―mostly large multinationals―leaving a trade-financing gap of around 1.5 trillion dollars worldwide. This gap implies a tremendous loss of economic growth potential for many countries.
Atura
Robotic chat advisor Atura takes advantage of artificial intelligence (AI) to offer powerful sales, onboarding, customer support, and transactional chatbot services, which improve customer experiences while reducing fees.
Bank of Beirut
Today’s customers want speed and personalization in all services. That’s why Bank of Beirut optimized its processes to improve customer experience and interaction with the bank by developing the DiGi BoB chatbot on the Microsoft Azure Bot Framework.
GHL Bank Ltd.
GHL Bank, 2018 Best Mortgage Company of the Year, was established in December 2017 in Ghana. As a digital bank, GHL used Microsoft Office 365 and Microsoft Azure to deeply integrate branches and increase employee productivity.
Mashreq Bank
International banking institution increases growth and market share through digital transformation
Redwood Bank
Redwood Bank puts business customers first with Microsoft Azure
Banco Angolano de Investimentos (BAI Group)
Innovative Angolan bank rethinks business with a cloud-first approach
goeasy Ltd.
Goeasy improves productivity, increases employee satisfaction with Surface Book and Office 365
Mashreq Bank
International banking institution increases growth and market share through digital transformation
Boursa Kuwait
Towards a more secure digitized stock trading venue in Kuwait
Ecobank Ghana Limited
Microsoft Power BI solution helps boost Ecobank’s business performance
Interswitch
Digital payments company answers questions about using Azure Blockchain Workbench to help build a more prosperous Africa
Standard Bank
The power of four: African bank embraces digitalization and increases efficiency with time-saving Microsoft Flow, PowerApps, Power BI, and SharePoint
NEDBANK
Internet and mobile apps, move over. The new industry disrupter is bot technology. Nedbank, one of the major...
Diamond Bank Plc
Diamond Bank is one of the 22 financial institutions operating in Nigeria, with a mission
ABN AMRO BANK
To prepare for its digital transformation, ABN Amro simplified and rationalized its IT...
Kuwait Finance House
Islamic banking pioneer innovates again with digital banking shift
Société Générale Corporate & Investment Banking
This article is part of a series about customers who've worked closely with Microsoft on Service Fabric