Open Banking and Digital Finance: Who Protects Consumers in Hybrid Financial Transactions?
The Operational Guidelines for Open Banking in Nigeria was issued in May 2022.
It established principles for sharing of customer’s data with other entities across the banking and payments system to provide innovative financial services. They only apply to banking and other related financial services. The Central Bank of Nigeria (CBN) shall provide and maintain an Open Banking Registry (OBR), a public repository for details of registered participants in the ecosystem. Consent is required from customers whose data may be required by services provider to avail them of financial products and services.
Let’s assess some consumer protection issues.
Clearly, a critical issue relates to privacy and data protection. It has been established by the courts that consumers in digital communications by telecommunication companies cannot be wantonly solicited for custom, or have their data released to third parties without their consent.* The Open Banking Regulations and Nigeria Data Protection Regulation, 2019 (NDPR) establish the need for consent by consumers to the use of their data.
The question is: How informed can that consent be, how is adequate explanation of the potential consequences transmitted and verified? For example, consumers account balances will be open to third parties and liable to risk of accidental or malicious use due to hacking or deliberate release in the chain of transaction. With the high rate of scams and abductions, there may be added risk of exposure.
Risk of aggressive debt collection by automatic swiping of any deposits to consumer’s accounts by creditors is another. There is risk of denial of service by smart contracts, because the consumer is considered by algorithms to be higher risk, simply by virtue of impecuniosities, rather than by actual track record of credit default risk.
How informed can the consent of candidates for inclusion who are financially illiterate and unable to easily understand open banking and the risks involved be? Open banking is neither primarily suited for nor designed for the unserved. However, it may assist them, by enabling them to access services without being subject to conventional credit scoring/bureaus. Does that mean that open banking is not for the unserved? If so, a discriminatory class of the “excluded” may be created, even where they possess requisite digital identity.
The Banks and Other Financial Institutions Act 2020 (BOFIA 2020) provides that financial products and services of banks and other financial institutions (OFI’s) shall not be subject to consumer protection rules under the Federal Competition and Consumer Protection Commission (FCCPCA) Act. Confusingly, they are required to implement and observe extant consumer protection laws although laws of sales and services have been fundamentally altered by FCCPA. Again, no other regulator, other than the CBN shall have power to regulate them, subject to the right of the Governor to share information or grant special permission of examination to other regulators.
To what end is not clear, as that other regulator is presumably excluded from exercising its regulatory power over banks and OFI’s. BOFIA also empowers CBN to coordinate any arrangements for collaboration where regulatory jurisdictions overlap. These provisions may eventually require judicial interpretation. The draftsman apparently seeks to provide untrammeled freedom to regulate the banking system to CBN. As long as transactions are exclusively lending transactions, that may plausibly be unimpeachable.
However, in vendor credit transactions (where the financial player integrally sells tangible goods or services as a vendor or market place) by banks and OFI’s, or in hybrid finance transactions (lending transactions involving sale or hire of goods by the lender or connected sellers), which regulator shall deal with consumer complaints? Bear in mind that those types of transactions usually involve third parties, non-financial sector players (not normally subject to regulation by CBN), as sellers of goods and services.
Usually, hybrid transactions are treated as primarily lending transactions, with issues of quality and other sale of goods considerations being secondary. Vendor credit or services transactions are regarded as credit sale transactions with sale of goods or service transaction considerations being primary and Sale of Goods legislation or common laws and related legislation on services and the FCCPCA providing the more comprehensive rules.
Hire purchase transactions are usually about lending, albeit with connected duties of quality, fitness for purpose and title. According to BOFIA 2020, only CBN can regulate banks and OFI’s, although they should comply with relevant consumer protection rules under extant legislation and the general law. This probably means that those rules are deemed to be incorporated and apply, by necessary implication, subject to BOFIA.
Could this not provide less stringent consumer protection rules for banks and OFI’s? Does BOFIA increase risks of interpretative litigation? Will the redress mechanisms restricted to CBN, as provided under the architecture of BOFIA 2020, be adequate for the likely volume of related transactions?
The Open Banking Regulations do not currently include sale of goods and other non-financial services transactions. Does this not mean that transactions that stray beyond categories currently covered constitute a breach and not subject to redress under the Regulations?
Terms and conditions of open banking or of digital contracts may be drafted to exclude or limit the rights of consumers. Under FCCPA, such clauses are void. What shall be the position under BOFIA? Will there be regulatory due diligence to ensure that such terms are flagged and brought to consumers knowledge for informed waiver consent? Should there really be divergent rules? Again, article 10.0 x. of the Open Banking regulations provides that: “Participant and its partner shall be jointly responsible and bear liability for any loss to the customer, except where the participant can prove willful negligence or fraudulent act against the customer.” Does this include losses regarding protective consumer rights to good quality, fitness and return in sales or hire purchase, or relevant terms in services transactions, separate from the lending component?
Does CBN have adequate resources and capacity to exclusively ensure optimal and comprehensive consumer protection? After all, the Consumer Protection Framework, 2019 only covers financial products and services. What volume of complaints or supervisory oversight can CBN handle without losing focus of other important essential functions? A posture where CBN acts as the lead regulator and utilizes strategic alliances, ongoing dialogue and coordinated joint action with other relevant regulators to provide end-to-end consumer protection may be more pragmatic, effective and within the true intendment and spirit of section 64 of BOFIA 2020. Hopefully, these questions are useful for fine tuning regulations, risk based supervision and enforcement strategy by CBN’s Consumer Protection Department.
— — — — — — — — — — — — — — — — — — —
Professor Olawale Ajai is the Policy Lead at the Sustainable and Inclusive Digital Financial Services initiative of the Lagos Business School
