The need for better financial services, increased transparency, and more competition in the market drives open banking and its users. But what does it mean for the future of banking in Nigeria?
The move toward open banking is part of a global trend to create customer-first financial experiences and more connected ecosystems. The Central Bank of Nigeria (CBN) has been championing this transition to strengthen Nigeria’s financial access and efficiency.
For traditional banks, this presents both new opportunities and significant challenges. On one side, open banking offers avenues to generate new revenue streams and improve customer engagement.
On the other, it introduces fierce competition as fintechs milk data-sharing to offer innovative products that could disrupt the market.
Not every bank or fintech company can jump in. There are strict requirements around regulatory compliance, data security, and technical readiness for open banking users. The Central Bank of Nigeria will only allow institutions that meet these standards to operate within the open banking framework.
This begs the question: Who would CBN allow to run open banking in Nigeria, and what would it take for banks and fintech companies to participate?
Key requirements for open banking users in Nigeria
To participate in Nigeria’s open banking ecosystem, there are specific requirements based on the institution’s regulatory status, risk management maturity, and the type of data they seek to access.
The data categories include:
1. Product Information and Service Touchpoints (PIST): This category includes general products and low-risk information such as ATMs and agent locations, service channels (websites/apps), institution identifiers, service codes, fees, charges, interest rates, and tenors.
2. Market Insight Transactions (MIT): This category includes moderately risky aggregated statistical data on products, services, and customer segments, but it excludes any identifiable customer information. Data in this category is useful at both organizational and industry levels.
3. Personal Information and Financial Transactions (PIFT): PIFT involves high-risk customer-specific data, including KYC details, account types, balances, loan information, bill payments, and recurring transactions.
4. Profile, Analytics, and Scoring Transactions (PAST): PAST data consists of highly sensitive analytical information that evaluates or scores customers, such as credit scores and income ratings.
To that end, CBN has introduced a structured framework that classifies participants into different tiers, aligning their data access privileges with their capacity to handle varying levels of sensitive information.
Tier 0: Participants without regulatory licenses.
Onboarding is managed by sponsoring Tier 2 or Tier 3 participants, who must register on the Open Banking Registry with a risk assessment report signed by their Chief Risk Officer.
Access privileges for this tier include PIST and MIT which are low risk and less likely to expose individual customer details.
Examples of open banking users in this tier include:
- Fintech startups in the early stages of development and not yet licensed. These might include app developers or technology providers focusing on niche financial services.
- Companies offering basic digital services or solutions that are not yet fully operational at scale.
Tier 1: Participants in the CBN Regulatory Sandbox
Participants must be admitted into the CBN regulatory sandbox. The CBN may set additional requirements on a case-by-case basis. Tier 1 participants are also listed on the Open Banking Registry.
Access privileges for this tier include PIST, MIT, and PIFT because they have the controls needed to protect individual customer information.
Examples of participants in this tier include:
- Companies testing new financial products or technologies, such as alternative credit scoring platforms, digital lending solutions, or payment processors.
- Startups working on solutions to provide financial services to underserved or unbanked populations.
Tier 2: Licensed payment service providers and Other Financial Institutions (OFIs)
Tier 2 participants must hold a valid CBN license and provide a satisfactory risk assessment report from at least two partner participants (one Tier 2 and one Tier 3 participant). The report should cover governance, financial stability, control environment, and risk management practices. They must also be listed on the Open Banking Registry.
Access privileges for this tier include PIST, MIT, PIFT, and PAST.
Examples of participants in this tier include:
- Established fintech companies with operational licenses, such as payment gateways, digital banks, and remittance service providers.
- Licensed payment service providers offering regulated financial services.
- Investment and insurance firms providing insurance products, or investment services that require access to detailed financial and personal data.
Tier 3: Deposit money banks
Tier 3 participants need to hold a valid CBN license and meet the same rigorous risk assessment standards as Tier 2 participants. They must also be listed on the Open Banking Registry.
Access privileges for this tier include PIST, MIT, PIFT, and PAST because they have robust systems and governance structures to handle more sensitive information.
Examples of participants in this tier include::
- Major Nigerian banks such as Zenith Bank, Access Bank, and First Bank.
- Global banks with a significant presence in the Nigerian market, like Standard Chartered or HSBC.
The CBN will allow all licensed banks, OFIs, and fintech companies that play by the rules to participate.
If you’ve got a license from the CBN to perform certain activities—like providing account balances or transaction statements—whether you’re a bank or a fintech company, you can now do it in a standardized format that works smoothly across the board.
