Tag

2023 Archives - DEALHQ PARTNERS

CBN LIFTS RESTRICTION ON THE OPERATION OF BANK ACCOUNTS BY VIRTUAL ASSETS SERVICE OPERATORS (VASPs) IN NIGERIA.

On Friday 22nd December 2023, the Central Bank of Nigeria (“CBN”) lifted its hitherto ban restricting banks and financial institutions from dealing in or facilitating cryptocurrency related transactions through its recently published “Guideline on Operations of Bank Accounts for Virtual Assets Service Providers (VASPs)” which now authorizes Banks and other Financial Institutions to provide  banking services to virtual asset service providers (VASPs) in compliance with relevant anti-money laundering laws issued by competent authorities. VASPs, Digital Assets Custodians, Digital Assets Offering Platforms, Digital Asset Exchanges, Digital Asset Exchange Operators, and any other entity that may be categorized by the CBN who are licensed by the Securities and Exchange Commission, can now legally operate a designated account with banks and financial institutions subject to the conditions stipulated in the Guideline.

The CBN’s earlier directive of February 5th, 2021, had excluded cryptocurrency transactions from the scope of transactions permitted to be facilitated or processed by financial institutions operating within Nigeria’s mainstream banking system. The 2-year ban which was the Apex Bank’s response to global concerns around money laundering and terrorism finance risks underlying the very opaque and unregulated cryptocurrency market has set the country back significantly from harnessing the benefits of the early adoption of digital currencies as a viable financial asset class.

The Guideline signals a positive change for Nigeria’s hitherto comatose digital assets ecosystem as financial institutions can now outside of their primary activity; facilitate the opening and operation of accounts for VASPs whilst being mandated to establish adequate risk management systems for combating money laundering, financing of terrorism and countering proliferation financing and to ensure adequate activity monitoring/tracking and customer protection. It is worthy of note that this guideline still prohibits banks and other financial institutions from holding, trading and/or transacting in virtual currencies on their own account.

The Guideline prescribes strict requirements for the onboarding of VASPs and operation of bank accounts by VASP account holders – including protocols for customer onboarding/due diligence in a bid to entrench transparency and effective reporting.  Also, it sets operational and transactional limit for all VASP accounts whilst… Click here to download article

 

About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

 

WHAT YOU NEED TO KNOW ABOUT THE RECENTLY PUBLISHED NDPC GUIDANCE NOTICE ON THE FILING OF DATA PROTECTION COMPLIANCE AUDIT RETURNS.

Introduction

In compliance with the Nigeria Data Protection Act (“NDPA”), the Nigeria Data Protection Commission (“NDPC/Commission”) on 15th of November 2023 published its Guidance Notice (Notice) on the Filing of Data Protection Compliance Audit Returns (CAR) which is set to take effect from 1st January 2024. This notice sets out procedure to be adhered to by Data Processors and controllers when filing their mandatory annual Compliance Audit Report with the Commission emphasizing the Commission’s commitment to tighten the oversight role in the protection and enforcement of Data Subject rights on the one hand and to engender data usage trust within Nigeria’s burgeoning digital ecosystem.

The Guidance Notice highlights the requirements for inclusion in the Commission’s National Data Protection Adequacy Programme (NaDPAP) Whitelist to be published by the Commission on Data Controllers and Data Processors who demonstrate commitment to safeguarding Data Subjects Rights and prioritize compliance with NDPR.

  1. NDPR Remains the Primary Regulation Governing Annual CAR Filings in Nigeria

The Guidance Notice lays to rest any doubt about the continued applicability of the NDPR following the enactment of the Nigeria Data Protection Act by recognizing it as the primary regulation governing the filing of the mandatory Compliance Audit Report. Data Controllers and Data Processors who have processed personal data of more than 2000 data subjects within the preceding 12 months are by law, mandated to file their Data Protection Compliance Audit Report with the Commission, in accordance with Articles 4.1 (5 & 7) of the NDPR.

It is noteworthy to mention that this is consistent with Section 64(2)(f) of the NDPA, which states that the provisions of NDPR remains in full force and effect except to the extent that any of its provisions is overridden by or conflicts with any provision of the Act.

  1. Vital Role of Data Protection Compliance Organizations

The Notice emphasizes the crucial role of Data Protection Compliance Organizations (DPCOs) in the implementation of Nigeria’s Data Protection framework by supporting Data Controllers and Data Processors to developing self-guided compliance strategies that demonstrate transparent and accountable reporting in line with the NDPR. Specifically, the Guidance Notice identifies the underlisted as the key responsibilities of DPCOs:

i.   Facilitating the filing of CAR with the Commission:

DPCOs support Data Controllers and Processors with the conduct of Audits and submission of Reports with the Commission in line with the NDPR. The Notice emphasizes the need to ensure that DPCO’s services are priced in a manner that guarantees minimal financial burden on Data Controllers and Processors.

ii. Engaging in Non-Fee-Paying CAR Work:

DPCOs are encouraged to occasionally provide audit support service to start-ups, not for profit organizations and businesses who are unable to pay for the mandatory audit service as part of their Corporate Social Responsibility (CSR) to foster inclusive compliance.

iii. Knowledge Transfer for DPOs during Audit Exercise:

DPCOs are required to use the Audit exercise as an opportunity to provide practical training for DPOs and other personnel in the Client Organizations they serve. Evidence of such practical training embedded in the audit exercise will entitle the participating DPOs to Continuous Professional Development (CPD) Credit, which will be an essential audit parameter under the soon to be published NDPA General Application and Implementation Directive (GAID).

  1. Getting Listed on the NaDPAP Whitelist

The Notice outlines the compliance metrics for inclusion in the National Data Protection Adequacy Programme (“NaDPAP”) which include verifiable compliance with Data Protection Principles and Lawful Basis such as Privacy Policies and Notices, Consent forms; regular filing of CAR, sensitization of data subjects on data subjects’ rights, appointment of DPO, engagement of a DPCO, training and capacity building for Staff amongst others.

Successful filing of the CAR entitles Data Controllers/Processors to be listed in the National Data Protection Adequacy Programme (NaDPAP) Whitelist.  It is worthy to note that failure of a data controller or processor to file CAR as legally required is a ground for disqualification from being listed on the NADPAP Whitelist irrespective of whether such Data Controller or Processor has proven data privacy compliance policies and framework that comply with the prescribed requirement of the NDPA and NDPR.

Whilst being listed in the NaDPAP Whitelist establishes a presumption of compliance and a demonstration of the data controller/processors commitment to safeguarding data-subjects rights; it does not confer immunity or protection against Data Subject claims or liabilities.

  1. Mandatory Induction Training for DPOs

All designated DPOs are required to participate in the free induction training that will be organized by the Commission in January 2024. The training is expected to re-enforce the rights of data subjects and compliance obligations outlined in the NDPA and the GAID.

  1. Minimum Information Requirement for inclusion in a Compliance Audit Report

The notice highlights the key focus areas for any CAR to be filed with the Commission. Each Report accompanying the NDPC audit questionnaire shall at the minimum cover the underlisted:

i.  Evidence of the Data Controller/Processor’s awareness of the provisions of the NDPR, as contained in the  internal data privacy framework of the organization.

ii. Evidence of Capacity Building and Continuous Training of Staff, Contractors, Licensees on their obligations as data administrators under the NDPA.

iii. Implementation of Privacy Policy and Notices within the organization, that align with NDPR requirements.

iv. Clear and detailed compliance directives communicated to all individuals involved in data processing, emphasizing adherence to the NDPR.

v.  Appointment and availability of Data Protection Officers overseeing and ensuring compliance with the NDPR.

vi. An inventory of the categories of personal data being processed and maintained by the Data Controller or Data Processor, specifying the principles and lawful basis for processing each category.

vii. Technical Measures implemented to ensure Confidentiality, Integrity, and Availability of Personal Data guided by the principles of Privacy by Design and by Default.

vii. The institutionalization of a robust mechanism for addressing grievances related to data protection.

viii. A comprehensive list of all agents or contractors engaged in data processing, along with details of their training programs and overall compliance with the NDPA.

  1. Default and Non-Compliance with filing CAR

Non – Compliance with CAR filing on or before the deadline which is set for March 2024 attracts a default fee of an additional 50% of the filing fee. Additionally, non-compliance with the Notice may amount to a violation of the NDPA, which attracts penalty as prescribed under the NDPA.

Conclusion

It is imperative for Data Controllers and Data Processors to prioritize timely and efficient filing of the yearly mandatory Data Privacy Compliance Audit Report in accordance with the NDPA and this not only signifies adherence to regulatory standards but also underscores a collective responsibility to fortify data privacy measures, ensuring a safe and secure digital ecosystem for all stakeholders.

 

This Article is written by DealHQ’s Technovation and Data Governance Practice Team.

DealHQ is a licensed Data Protection Compliance Organization (DPCO). We understand the importance of safeguarding sensitive data and complying with local and foreign data protection laws applicable to your business to protect your organization’s reputation and mitigate potential cybersecurity or data violation risks which can have significant financial, legal, and systemic implications for your Business. Our service niche includes (1) Data Protection/Governance Advisory (2) Data Protection Compliance Support (3) Data Protection Audit Services and (4) Outsourcing of Data Protection Officers.

*The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.*

To know more about our Data Privacy Services? Please contact our team:

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

Overview of the Guidelines for Contactless Payments in Nigeria

Nigeria has experienced significant growth and development in its financial sector, driven in large part by the integration of technology.
Technology has revolutionized the Catering to individuals seeking both quality and affordability, easewatches.me, established in 2023, has positioned itself as an ideal destination for those looking to purchase replica watches without compromising on style or craftsmanship. way banks operate in Nigeria, enhancing their efficiency, expanding their reach, and transforming the customer experience. The growth of fintech companies has further entrenched the relevance of technology and its potential to redefine the Nigerian financial services ecosystem.
The financial services sector has been at the forefront of leveraging technology to address challenges, enhance services, and stimulate economic growth. With banks and fintech companies in Nigeria embracing innovative solutions such as mobile banking, online platforms, and electronic payment systems to offer convenient and accessible financial services to a wider population, it is clear that there is a recognition of the potential inherent in technology to reshape financial services.
A case in point which highlights the efforts being put into building a more innovative financial ecosystem is the introduction of contactless payments. The COVID pandemic and the resultant lockdown triggered significant changes in the payment industry. Specifically, it amplified the need for contactless payments and ushered in a wave of unprecedented innovation and product development in the payment industry globally.
Given the record traction in the Nigerian payment market, the Central Bank of Nigeria (CBN), recognizing the… Click here to download article...

Forniamo il miglior orologio replica con movimento svizzero per donne e uomini. Gli orologi svizzeri replica di alta qualità più popolari in vendita.

About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

You may contact our team on:

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

WHAT YOU NEED TO KNOW ABOUT THE NIGERIA DATA PROTECTION ACT, 2023

INTRODUCTION

As technology and digital innovation continues to advance, the volume of data generated and exchanged by users of the internet, mobile/web applications and other digital devices has raised the security of personal data to the status of “matter of national concern” in Nigeria.

On the 14th of June 2023, the President of the Federal Republic of Nigeria, signed into Law, the Nigerian Data Protection Act (the Act) thereby establishing by statute, the Nigerian Data Protection Commission; which is entrusted with the power to make and enforce regulations for the protection and security of the personal data of Data Subjects in Nigeria.

  1. SCOPE OF THE LAW

The Act provides the legal framework for the establishment of the Nigeria Data Protection Commission, the regulation of the processing of personal data of Data Subjects, and for other related matters. The objective of the Act is to safeguard the constitutional right of Data Subjects in Nigeria as relates to the processing activities undertaken by Data Processors or Data Controllers.  A Data Controller is a person, organization, or a statutory body who determines the purposes for, and the way Personal Data is processed or is to be processed. Consequently, a Data Processor is one who processes the data in the manner prescribed by a Data Controller).

  1. WHO DOES THE ACT APPLY TO?[1]

The Act applies to and is binding on Data Controllers or Data Processors who are either:

  1. Resident or operating in Nigeria;
  2. Processing data within Nigeria; or
  3. Processing data of Data Subjects in Nigeria.
  1. EXEMPTION

Data Controllers or Processors who fall into any of the underlisted categories are exempted from the application of the Act:

  1. One or more individuals who process personal data solely for personal or household purposes;
  2. Data Controllers or Processors who deal with/process personal data which have been prescribed for exemption by the Commission.
  1. ESTABLISHMENT OF THE NIGERIA DATA PROTECTION COMMISSON

The Act establishes the Nigeria Data Protection Commission as an independent body responsible for prescribing regulations, codes, guidelines, and procedures in furtherance of its functions geared towards the enhancement of personal data protection.

The overall policy direction of the affairs of the Commission shall be controlled by a governing council which shall consist of seven people headed by a Chairman who shall be a retired judge of a superior court of record. All seven members of the governing council shall be appointed by the President on the recommendation of the Minister.[2]

  1. LAWFUL BASIS FOR PROCESSING PERSONAL DATA

Personal Data of a Data Subject can only be processed when a lawful basis for such has been established. The Act like other Data Privacy statutes (such as the GDPR) recognizes that Lawful Basis shall be deemed established in the following scenarios:

  1. Consent: Data Subject’s consent has been procured and the consent has not been withdrawn;
  2. Contract: Processing the personal data is necessary or the performance of a contract for which the Data Subject is a Party;
  3. Legal Obligation: Processing the data is necessary for compliance with a legal obligation to which the Data Controller or Processor is subject;
  4. Public Interest: Processing the personal data is necessary for public interest purposes or in exercise of official authority vested in a controller;
  5. Vital Interest: to protect a life;
  6. Legitimate Interest: Where the processing of personal data of a data subject is necessary in the legitimate interest of the processor or another third party.

Relatedly, even after Lawful Basis is established, every Data Processor is expected to adhere to these general principles:

  1. Personal Data must be processed in a fair and transparent manner;
  2. Personal Data must be collected for a specified and legitimate purpose; and must not be further processed in a manner or for a purpose incompatible with that which has been specified;
  3. Personal Data collected must be limited to that which is adequate and relevant for the purpose for which it is collected;
  4. Personal Data must be retained only for only as long as is necessary to achieve the Lawful Basis for which it was collected;
  5. Personal Data must be processed in a manner that guarantees the security of personal data against loss, unlawful processing, destruction loss or damage.
  6. Personal Data is processed for the purpose of a legitimate interest by a data controller or third party to which the data is disclosed.
  1. KEY PROVISIONS TO NOTE

Amongst other things, the following mandatory provisions are to be noted by and complied with by all Data Controllers and Processors:

a. MANDATORY APPOINTMENT OF A DPO

All Data Controllers and Processors of major importance[3] are now mandated to appoint a designated Data Protection Officers (DPO) with expert knowledge of data protection laws and practices and who may either be an employee of the organization or engaged under a valid service contract[4].

b. DATA PROTECTION IMPACT ASSESSMENT

Every Data Processor or Controller who envisages that any of its processing activity is likely to violate or result in high risk to the rights and freedom of  Data Subjects by virtue of its nature, scope, context and purpose; is mandated to conduct a data protection impact assessment. It is expected that the Commission will issue guidelines to establish the categories of processing which will now require the conduct of data protection impact assessment.[5]

c. REPORTING DATA BREACHES

Every Data Controller is required to notify the Commission within 72 hours of becoming aware of any personal data breach which is likely to result in a risk to the right and freedom of a Data Subject.[6]

d. CROSS BORDER DATA TRANSFER

Cross-Border Transfer of personal data to third parties no longer requires the supervision/consent of the Attorney General of the Federation. Notwithstanding Personal Data of Data Subjects cannot be transferred to a cross border recipient; unless the transferor has satisfied itself that the foreign third-party recipient:

  1. Has a lawful basis for processing such data;
  2. Has in place a mechanism to ensure adequate level of protection of such data to the extent and level prescribed by the Act. [7]

e. REGISTRATION OF DATA PROCESSORS AND CONTROLLERS

The Act mandates the registration of Data Controllers and Data Processors of major importance with the Commission within six months from the commencement of the Act or of becoming a Data Controller or Data Processor of major importance.  The Act also prescribes the process of registration and grants the Commission the power to prescribe the registration fee and to grant exemptions from registration at their reasonable discretion. Furthermore, Registered Processors and Controllers must notify the Commission of any change in the registration details provided.

The Commission is expected to keep a register of Data Controllers and Processors on its website and to update same regularly. When a Data Controller or Data Processor ceases to be one of major importance, it must notify the Commission who shall remove its name from the register[8].

f. GENERAL RIGHTS OF DATA SUBJECTS

The Act guarantees Data Subjects the inherent right to:

  1. Obtain from a Data Controller; confirmation as to whether its personal data is being stored or processed and where so; further information on the purpose, nature/category of data being processed, recipients of such data including international/cross border recipients, period for which data will be kept;
  2. Right to demand rectification, erasure or restriction in processing (pending resolution, objection or enforcement of a legal claim) without delay;
  3. Right to decline to give or to withdraw consent;
  4. Right to demand discontinuation of processing (except on grounds of public interest);
  5. Right to lodge a complaint with the Commission;
  6. Right not to be subject to a decision based solely on automated processing of personal data.

g. RIGHT OF AGGRIEVED DATA SUBJECTS TO FILE COMPLAINTS WITH THE COMMISSION

The Act has provided a procedure for Data Subjects whose rights have been violated or is likely to be violated by any Data Controller or Processor; to file a complaint with the Commission[9]. The Commission is mandated to investigate and where it is established that the right of a Data Subject is likely to be violated, the Commission will  issue an appropriate compliance order  against such Data Controller including:-  (1) a warning (2) a directive to comply or (3)  a cease and desist order.

Where however an actual violation is established; the Commission may issue an enforcement order issuing sanctions against such Data Processor or Controller. Such order may include (1) a directive to remedy (2) a directive to pay compensation (3) order to account for profits made from a violation (4) order to pay penalty which in the case of a Data Controller of major importance will be the higher of NGN10Million or 2% of gross revenue for the preceding financial year.  Where the offender is not a Data Controller of major importance, the penalty will be the higher of NGN2Million OR 2% of gross revenue for the preceding financial year. Where Data processor or controller is dissatisfied with the order imposed by the commission, it is at liberty to apply to court for judicial review, within thirty days of the issuance such order[10].

Where an order is defiled, the defaulting Processor or Controller commits an offence and becomes criminally liable upon conviction by a competent court [11]. The court may also order the Processor or Controller upon conviction to forfeit any economic benefit or financial proceeds in accordance with the Proceeds of Crime (Recovery and Management) Act or any other similar law.[12]

h. JOINT AND VICARIOUS LIABILITY

Directors, Managers, Partners, Secretaries or other similar officer of any convicted Data Processor or Controller shall be deemed jointly and vicariously liable with the organization for any breach or violation or offense under the Act; unless such officer can prove that the offence was committed without his/her knowledge, consent or connivance; and that he/she exercised all such diligence to prevent the commission of the offence. Data Controllers and Data Processors also remain vicariously liable for the acts or omissions of their agents, clerks, servants or employees.[13]

  1. LIMITATIONS IN RESPECT OF LEGAL PROCEEDINGS AGAINST THE COMMISSION

Whilst the Commission remains a legal entity which can sue or be sued, Actions against the Commission are required to be instituted within three months of the time in which such cause of action arose and subject to the service of a one month written notice of intention to sue having been served on the Commission. The Act further directs that no execution or attachment process can be issued against the property of the Commission in respect of an action or suit filed against it[14].

  1. TRANSITIONAL PROVISION

The Act  recognizes and has given legitimacy to  all  actions (orders, rules,  decisions, directions, licenses and authorizations) of NITDA, OR the Bureau  done prior to the coming into force of the Act as if they are acts of the Commission itself and they shall remain binding  until they are waived, cancelled or repealed by the Commission. This includes specifically, the Nigerian Data Protection Regulation (NDPR) 2019.[15] The Nigeria Data Protection Commission effectively succeeds the erstwhile Nigeria Data Protection Bureau (NDPB) and puts to an end the argument that the NDPB is not statutorily created.

IMPLICATION FOR BUSINESSES IN NIGERIA

It is clear given the priority and attention given to  the assent of the by the newly elected President of Nigeria and the Federal Executive Council; that data privacy is recognized as a critical focus area for the Federal Government. It can therefore be fairly deduced that enforcement of the Act will be top of mind for the Government and the Commission.

The Act has further mandated registration for all data processors and controllers within the next six months. Consequently, Businesses operating in Nigeria except where exempt will be required to immediately reposition their protocol of operation to ensure consistent compliance with the Act. Finally, Data Processors and Controllers must keep as top of mind the potential risk of sanctions and criminal liability where they have directly or vicariously violated the rights Data Subjects as guaranteed under the Act.

This Article is written by DealHQ’s Technovation and Data Governance Practice Team, DealHQ is a licensed Data Protection Compliance Organization (DPCO). We understand the importance of safeguarding sensitive data and complying with local and foreign data protection laws applicable to your business to protect your organization’s reputation and mitigate potential cybersecurity or data violation risks which can have significant financial, legal and systemic implications for your Business. Our service niche includes (1) Data Protection/Governance Advisory (2) Data Protection Compliance Support (3) Data Protection Audit Services and (4) Outsourcing of Data Protection Officers.

About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

Do you need to know more about our Data Privacy Services? You may contact our team on:

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

Click here to download article…

[1] Part I Nigerian Data Protection Act, 2023.

[2] Part II and III of the Act.

[3] A Data Controller or Processor domiciled, resident in or operating in Nigeria who processes or intends to process personal data of such number of Data Subject within Nigeria as the Commission may prescribe as being of major importance.

[4] Section 33 of the Act.

[5] Section 29 of the Act.

[6] Section 41 of the Act.

[7] Part IX of the Act.

[8] Part X of the Act.

[9] Sections 47, 48 and 49 of the Act.

[10] Section 51 of the Act.

[11] Section 50 of the Act.

[12] Section 53 of the Act

[13] Section 54 of the Act

[14] Part XII of the Act.

[15] Section 64 the Act.

NIGERIA: UNDERSTANDING THE REGULATORY FRAMEWORK FOR OPEN BANKING

The open banking ecosystem in Africa has certainly taken flight, with countries such as South Africa, Kenya, Nigeria and Ghana recording unprecedented rate of product development, innovation and adoption across the regions digital financial services market. That said, strengthening financial systems regulation, risk management and financial data governance remain critical to achieving continuous and sustainable growth in the sector. The introduction of Nigeria’s open banking regulations is bold, audacious and enviable. It is expected that its implementation will be strategic and impactful.

Continue Reading

WHAT YOU SHOULD KNOW ABOUT THE APPROPRIATION ACT, 2023

PARAMETERS AND KEY ASSUMPTIONS

The 2023 “Budget of Fiscal Consolidation and Transition’’ was signed into law on the 3rd of January 2023; at its core, it focuses on maintaining fiscal viability and ensuring a smooth transition for the incoming administration, come May 29, 2023.

President Muhammadu Buhari in his speech at the joint session of the National Assembly on the 7th of October 2022, noted that beyond ensuring fiscal sustainability, his administration will in the new year focus on improving the country’s business enabling environment, accelerate revenue-based fiscal consolidation efforts and strengthen expenditure and debt management.

The 2023 budget proposal was primarily influenced by the Federal Government’s medium-term fiscal outlook which takes into cognizance current fiscal and economic realities such as the continuing global and domestic challenges sparked by recurring COVID-19 spikes, climate change and the impact of Russia-Ukraine War on global economies.  It is therefore anticipated that Nigerian State will grapple the headwinds of low revenue, high inflation, exchange rate depreciation and insecurity.

Key Elements of The Budget: Expenditure Summary

The expenditure policy of the Federal Government for 2023 is designed to achieve the strategic objectives of the National Development Plan (2021 – 2025), which include macroeconomic stability; human development; food security; improved business environment; energy sufficiency; improving transport infrastructure; and promoting industrialization through Small and Medium Scale Enterprises.

The aggregate expenditure (inclusive of GOEs and project-tied Loans) is projected to be NGN 21.83trillion – which is 20% higher than the total expenditure for 2022 (including supplemental appropriations).

  1. Recurrent (non-debt) spending is estimated at NGN8.33trillion, (including NGN200 Billion to fund the Federal Governments social investment programme). Total Recurrent (non-debt) spending therefore amounts to 38.2 % of total expenditure;
  2. Aggregate Capital Expenditure stands at NGN6.46trillion amounting to 30% of total expenditure which is 10% higher than the total Capital Expenditure spend for 2022;
  3. Total Debt Service spend stands at NGN6.31trillion amounting to 29% of total expenditure. This is 71. % higher than 2022 as it includes total interest payment of NGN1.2 trillion on Ways & Means Advances from the Central Bank.

Key Elements of The Budget: Revenue Summary

Total revenue available to fund the 2023 FGN Budget is estimated at NGN11.1 trillion. In aggregate, about 20% of projected revenue will come from oil-related sources, while circa 80% will come from non-oil sources primarily taxes and Government collections.  The Federal Government has therefore developed a robust strategy to enhance collections and widen the tax revenue pool. This includes:

  1. Improving non-oil revenue receipts, tax administration and sustain the effort to expand the non-oil revenue base;
  2. Strengthening tax systems by improving collection efficiency, enhancing compliance, and reorganizing the business practices of revenue agencies by deploying appropriate technology;
  3. Widening the tax net to include businesses in the informal sector;
  4. Introduction of frameworks for recovering duties, taxes and appropriate fees from custom related transactions conducted over electronic networks;
  5. Enhancing port efficiency, strengthen anti-smuggling measures, review of tariffs and waivers and issue of licenses for the development of modern terminals in existing ports, especially outside Lagos:
  6. Enforcing extant laws limiting cost-to-revenue ratio of GOEs to a maximum of 50 percent;
  7. Deploy Technology and ICT solutions needed to enhance revenue collections and compliance;
  8. Improve the performance of GOEs through the effective implementation of the approved Performance Management Framework.

Key Elements of The Budget: Deficit and Deficit Financing

Overall budget deficit stands at NGN10.78trillion (circa 4.78% of GDP) which is to be finance financed mainly through government borrowings from local and foreign sources including multilateral/bilateral loan draw downs and privatization proceeds. Once more this exceeds the threshold set by the Fiscal Responsibility Act however considering the existential security and economic challenges plaguing the Federal Government is compelled to increase its overall fiscal expenditure.

SUMMARY OF THE FINANCE BILL 2022

The Nigerian Finance Bill 2023 has been passed by both legislative houses but is yet to be assented to by the President. At the presentation of the budget by the Minister of Finance on 4th of January 2023, the Honourable Minister stated that the delay in the passage of the bill was as a result of the ongoing vetting and approval process from key stakeholders. it is anticipated that the bill which has now completed its legislative approval cycle will get executive assent any time now.

The Finance Bill amongst other things amends the: Capital Gains Tax Act (CGTA), Companies Income Tax Act (CITA), Customs, Excise Tariff, Etc. (Consolidation) Act, Personal Income Tax Act (PITA), Petroleum Profits Tax Act (PPTA), Stamp Duties Act (SDA), Value Added Tax Act (VATA), Corrupt Practices and Other Related Offences Act and Public Procurement Act.

The table below details the key changes in law effected via the Bill.

 

Conclusion

As is typical of this administration, the Federal Government kept to its commitment to pass and commence implementation of the Appropriation Act in a timely fashion even though the complementary Finance Bill suffered a delay snag. Generally due to the change of administration anticipated at around mid-year 2023, it is expected that supplementary appropriation laws will be passed to align the Appropriation Act with the Economic and Fiscal Policy of the incoming administration.  Furthermore, gleaning from the posture of the Federal Government and the spirit and letter of the budget it is expected (at least for the first half of the year) that:

  1. More incentives and tax holidays for players in the renewable energy sector will be implemented in line with the Federal Government’s intention to encourage domestic and industrial adoption of renewable energy alternatives.
  2. More repeals and cancellation of tax benefits and incentives;
  3. More effort to promote, incentivize and adopt technology and innovation;
  4. Fiscal instability, slow growth, food crisis, and high interest rates are likely to continue into 2023 as the underlying causes such as Russia-Ukraine war and the Covid-19 crises are yet to abate;
  5. Likely removal of fuel subsidy after the expiration of the extension will potentially increase the cost of living and doing business in Nigeria;
  6. Federal Government will drive revenue generation and tax collection aggressively;
  7. Increased government borrowing may provide short-term relief but lead to negative impacts such as higher interest rates, inflation, and shrinking disposable income in the long term;
  8. Federal Government will pass and effect the enforcement of the Finance Bill.

HOW TO GET STARTED

Do you need to know more about the Appropriation Act? Our Finance team is available to support you.

You may contact our team on: Email: info@dealhqpartners.com Telephone: +234 1 4536427 or +234 9087107575

Click here to download PDF