The Central Bank of Nigeria (CBN) has directed commercial banks, and Fintech companies not to share customers’ data without their consent.
The apex bank stated this in its “Operational Guidelines For Open Banking In Nigeria” released for May 2022.
Open banking requires that banks share their customers’ data with other competing financial institutions for the purpose of marketing and deployment of digital banking products and services.
In the guidelines, the CBN instructed “bank customers’ consent be obtained in the same form the agreement was presented and a copy of the consent of the customer shall be made available to the customer and preserved by the participants.”
The apex bank indicated that participants in open banking shall adhere strictly to security standards when accessing and storing data, and shall be subject to minimum privacy, operational, risk management and customer experience standards.
The CBN added that henceforth, the consent of the customer shall be re-validated annually, stating that where the Application Programming Interface Consumer (AC) had not used the service for 180 days, the participant shall ensure that the connection is configured to terminate upon expiration of the consent.
Source: Ripples Nigeria