Tag

contactless Payment

CBN LIFTS RESTRICTION ON THE OPERATION OF BANK ACCOUNTS BY VIRTUAL ASSETS SERVICE OPERATORS (VASPs) IN NIGERIA.

On Friday 22nd December 2023, the Central Bank of Nigeria (“CBN”) lifted its hitherto ban restricting banks and financial institutions from dealing in or facilitating cryptocurrency related transactions through its recently published “Guideline on Operations of Bank Accounts for Virtual Assets Service Providers (VASPs)” which now authorizes Banks and other Financial Institutions to provide  banking services to virtual asset service providers (VASPs) in compliance with relevant anti-money laundering laws issued by competent authorities. VASPs, Digital Assets Custodians, Digital Assets Offering Platforms, Digital Asset Exchanges, Digital Asset Exchange Operators, and any other entity that may be categorized by the CBN who are licensed by the Securities and Exchange Commission, can now legally operate a designated account with banks and financial institutions subject to the conditions stipulated in the Guideline.

The CBN’s earlier directive of February 5th, 2021, had excluded cryptocurrency transactions from the scope of transactions permitted to be facilitated or processed by financial institutions operating within Nigeria’s mainstream banking system. The 2-year ban which was the Apex Bank’s response to global concerns around money laundering and terrorism finance risks underlying the very opaque and unregulated cryptocurrency market has set the country back significantly from harnessing the benefits of the early adoption of digital currencies as a viable financial asset class.

The Guideline signals a positive change for Nigeria’s hitherto comatose digital assets ecosystem as financial institutions can now outside of their primary activity; facilitate the opening and operation of accounts for VASPs whilst being mandated to establish adequate risk management systems for combating money laundering, financing of terrorism and countering proliferation financing and to ensure adequate activity monitoring/tracking and customer protection. It is worthy of note that this guideline still prohibits banks and other financial institutions from holding, trading and/or transacting in virtual currencies on their own account.

The Guideline prescribes strict requirements for the onboarding of VASPs and operation of bank accounts by VASP account holders – including protocols for customer onboarding/due diligence in a bid to entrench transparency and effective reporting.  Also, it sets operational and transactional limit for all VASP accounts whilst… Click here to download article

 

About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

 

WHAT YOU NEED TO KNOW ABOUT THE RECENTLY PUBLISHED NDPC GUIDANCE NOTICE ON THE FILING OF DATA PROTECTION COMPLIANCE AUDIT RETURNS.

Introduction

In compliance with the Nigeria Data Protection Act (“NDPA”), the Nigeria Data Protection Commission (“NDPC/Commission”) on 15th of November 2023 published its Guidance Notice (Notice) on the Filing of Data Protection Compliance Audit Returns (CAR) which is set to take effect from 1st January 2024. This notice sets out procedure to be adhered to by Data Processors and controllers when filing their mandatory annual Compliance Audit Report with the Commission emphasizing the Commission’s commitment to tighten the oversight role in the protection and enforcement of Data Subject rights on the one hand and to engender data usage trust within Nigeria’s burgeoning digital ecosystem.

The Guidance Notice highlights the requirements for inclusion in the Commission’s National Data Protection Adequacy Programme (NaDPAP) Whitelist to be published by the Commission on Data Controllers and Data Processors who demonstrate commitment to safeguarding Data Subjects Rights and prioritize compliance with NDPR.

  1. NDPR Remains the Primary Regulation Governing Annual CAR Filings in Nigeria

The Guidance Notice lays to rest any doubt about the continued applicability of the NDPR following the enactment of the Nigeria Data Protection Act by recognizing it as the primary regulation governing the filing of the mandatory Compliance Audit Report. Data Controllers and Data Processors who have processed personal data of more than 2000 data subjects within the preceding 12 months are by law, mandated to file their Data Protection Compliance Audit Report with the Commission, in accordance with Articles 4.1 (5 & 7) of the NDPR.

It is noteworthy to mention that this is consistent with Section 64(2)(f) of the NDPA, which states that the provisions of NDPR remains in full force and effect except to the extent that any of its provisions is overridden by or conflicts with any provision of the Act.

  1. Vital Role of Data Protection Compliance Organizations

The Notice emphasizes the crucial role of Data Protection Compliance Organizations (DPCOs) in the implementation of Nigeria’s Data Protection framework by supporting Data Controllers and Data Processors to developing self-guided compliance strategies that demonstrate transparent and accountable reporting in line with the NDPR. Specifically, the Guidance Notice identifies the underlisted as the key responsibilities of DPCOs:

i.   Facilitating the filing of CAR with the Commission:

DPCOs support Data Controllers and Processors with the conduct of Audits and submission of Reports with the Commission in line with the NDPR. The Notice emphasizes the need to ensure that DPCO’s services are priced in a manner that guarantees minimal financial burden on Data Controllers and Processors.

ii. Engaging in Non-Fee-Paying CAR Work:

DPCOs are encouraged to occasionally provide audit support service to start-ups, not for profit organizations and businesses who are unable to pay for the mandatory audit service as part of their Corporate Social Responsibility (CSR) to foster inclusive compliance.

iii. Knowledge Transfer for DPOs during Audit Exercise:

DPCOs are required to use the Audit exercise as an opportunity to provide practical training for DPOs and other personnel in the Client Organizations they serve. Evidence of such practical training embedded in the audit exercise will entitle the participating DPOs to Continuous Professional Development (CPD) Credit, which will be an essential audit parameter under the soon to be published NDPA General Application and Implementation Directive (GAID).

  1. Getting Listed on the NaDPAP Whitelist

The Notice outlines the compliance metrics for inclusion in the National Data Protection Adequacy Programme (“NaDPAP”) which include verifiable compliance with Data Protection Principles and Lawful Basis such as Privacy Policies and Notices, Consent forms; regular filing of CAR, sensitization of data subjects on data subjects’ rights, appointment of DPO, engagement of a DPCO, training and capacity building for Staff amongst others.

Successful filing of the CAR entitles Data Controllers/Processors to be listed in the National Data Protection Adequacy Programme (NaDPAP) Whitelist.  It is worthy to note that failure of a data controller or processor to file CAR as legally required is a ground for disqualification from being listed on the NADPAP Whitelist irrespective of whether such Data Controller or Processor has proven data privacy compliance policies and framework that comply with the prescribed requirement of the NDPA and NDPR.

Whilst being listed in the NaDPAP Whitelist establishes a presumption of compliance and a demonstration of the data controller/processors commitment to safeguarding data-subjects rights; it does not confer immunity or protection against Data Subject claims or liabilities.

  1. Mandatory Induction Training for DPOs

All designated DPOs are required to participate in the free induction training that will be organized by the Commission in January 2024. The training is expected to re-enforce the rights of data subjects and compliance obligations outlined in the NDPA and the GAID.

  1. Minimum Information Requirement for inclusion in a Compliance Audit Report

The notice highlights the key focus areas for any CAR to be filed with the Commission. Each Report accompanying the NDPC audit questionnaire shall at the minimum cover the underlisted:

i.  Evidence of the Data Controller/Processor’s awareness of the provisions of the NDPR, as contained in the  internal data privacy framework of the organization.

ii. Evidence of Capacity Building and Continuous Training of Staff, Contractors, Licensees on their obligations as data administrators under the NDPA.

iii. Implementation of Privacy Policy and Notices within the organization, that align with NDPR requirements.

iv. Clear and detailed compliance directives communicated to all individuals involved in data processing, emphasizing adherence to the NDPR.

v.  Appointment and availability of Data Protection Officers overseeing and ensuring compliance with the NDPR.

vi. An inventory of the categories of personal data being processed and maintained by the Data Controller or Data Processor, specifying the principles and lawful basis for processing each category.

vii. Technical Measures implemented to ensure Confidentiality, Integrity, and Availability of Personal Data guided by the principles of Privacy by Design and by Default.

vii. The institutionalization of a robust mechanism for addressing grievances related to data protection.

viii. A comprehensive list of all agents or contractors engaged in data processing, along with details of their training programs and overall compliance with the NDPA.

  1. Default and Non-Compliance with filing CAR

Non – Compliance with CAR filing on or before the deadline which is set for March 2024 attracts a default fee of an additional 50% of the filing fee. Additionally, non-compliance with the Notice may amount to a violation of the NDPA, which attracts penalty as prescribed under the NDPA.

Conclusion

It is imperative for Data Controllers and Data Processors to prioritize timely and efficient filing of the yearly mandatory Data Privacy Compliance Audit Report in accordance with the NDPA and this not only signifies adherence to regulatory standards but also underscores a collective responsibility to fortify data privacy measures, ensuring a safe and secure digital ecosystem for all stakeholders.

 

This Article is written by DealHQ’s Technovation and Data Governance Practice Team.

DealHQ is a licensed Data Protection Compliance Organization (DPCO). We understand the importance of safeguarding sensitive data and complying with local and foreign data protection laws applicable to your business to protect your organization’s reputation and mitigate potential cybersecurity or data violation risks which can have significant financial, legal, and systemic implications for your Business. Our service niche includes (1) Data Protection/Governance Advisory (2) Data Protection Compliance Support (3) Data Protection Audit Services and (4) Outsourcing of Data Protection Officers.

*The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.*

To know more about our Data Privacy Services? Please contact our team:

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

Overview of the Guidelines for Contactless Payments in Nigeria

Nigeria has experienced significant growth and development in its financial sector, driven in large part by the integration of technology.
Technology has revolutionized the Catering to individuals seeking both quality and affordability, easewatches.me, established in 2023, has positioned itself as an ideal destination for those looking to purchase replica watches without compromising on style or craftsmanship. way banks operate in Nigeria, enhancing their efficiency, expanding their reach, and transforming the customer experience. The growth of fintech companies has further entrenched the relevance of technology and its potential to redefine the Nigerian financial services ecosystem.
The financial services sector has been at the forefront of leveraging technology to address challenges, enhance services, and stimulate economic growth. With banks and fintech companies in Nigeria embracing innovative solutions such as mobile banking, online platforms, and electronic payment systems to offer convenient and accessible financial services to a wider population, it is clear that there is a recognition of the potential inherent in technology to reshape financial services.
A case in point which highlights the efforts being put into building a more innovative financial ecosystem is the introduction of contactless payments. The COVID pandemic and the resultant lockdown triggered significant changes in the payment industry. Specifically, it amplified the need for contactless payments and ushered in a wave of unprecedented innovation and product development in the payment industry globally.
Given the record traction in the Nigerian payment market, the Central Bank of Nigeria (CBN), recognizing the… Click here to download article...

Forniamo il miglior orologio replica con movimento svizzero per donne e uomini. Gli orologi svizzeri replica di alta qualità più popolari in vendita.

About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

You may contact our team on:Bewerten Sie beste uhren wie schon 57 Kunden vor Ihnen! Ihre Erfahrung kann anderen helfen, informierte Entscheidungen zu treffen.

Email: info@dealhqpartners.com; clientservices@dealhqpartners.com

Telephone: +234 1 4536427 or +234 9087107575

replicauhrens.io bietet Ihnen Imitationsuhren bester Qualität zu den besten Preisen.