Due to Nigeria\u2019s fintech boom borne out of its open banking framework, the Central Bank of Nigeria (CBN) has published a much-awaited regulation draft to govern open banking procedures. And at its core is the need to secure customer data through a robust set of requirements.\n\nThe regulations streamline how entities who handle customer banking information will secure their systems and share details within protected application program interfaces. They\u2019ll also seek to standardize policies for all open banking participants, and come at a time when the country is enjoying a boom of fintech and banking services that have attracted international funding in the startup space.\n\nAccording to the Africa Funding Startup 2021 report, Nigerian fintech has brought in more than half of the US$4.6 billion of total African startups, which underpins the growing need for more financial products, and facilitates greater data sharing across banking and payments systems that open banking provides.\n\nFor Emmanuel Morka, CIO at Access Bank Ghana, open banking is the future and enterprises should seize on the opportunity.\n\n\u201cTraditional banking is fading away,\u201d he says. \u201cOpen banking is the only way you can set systems like agency banking, mobile banking and use dollars.\u201d\n\nHe notes that fintech has been at the forefront of the open banking system in the region and believes it will spread across the continent. But wherever there\u2019s money, there\u2019s insecurity and the free exchange of application programming interface (API) across banking platforms has opened opportunities and risks as well. Unsecured systems and API channels can be a point of vulnerability.\n\nSecuring customer data\n\n\u201cOne of my headaches as a CIO is no one is fully protected,\u201d Morka said, adding that open banking has to ensure that customer data and assets aren\u2019t compromised, so all endpoints in his organization must be fortified. The Operational Guidelines for Open Banking in Nigeria published by the CBN stress that customer data security is critical for the safety of the open banking model. The preliminary draft will guide the industry discussion before the final guidelines are put in place by the end of the year.\n\nThe foremost thing to secure data, according to Morka, is to expose fit-for-purpose data for consumption. This means that CIOs need to limit data accessibility to what is requested and can be used.\n\n\u201cI see open banking as an exposure of some data over a secured standardized channel to third parties for consumer banking,\u201d he said. \u201cI am the bridge between business and technology.\u201d\n\nHe also says that it\u2019s not only the core banking products that need protection but also tools on CRM and other software that centers on customer data.\n\nThe framework provided by the CBN also considers constant monitoring of systems of third-party API users in the open banking system. TeamApt, a Nigeria-based fintech startup, has helped over 300,000 businesses use its digital banking platform and is anchored in open banking.\n\nThe company sees legislation such as the Nigeria Data Protection Regulation (NDPR) as a big consideration for companies dealing with personal data.\n\n\u201cDue to the sheer size of personally identifiable information being shared, in the hands of bad actors, this data can be used to pilfer bank accounts, erode credit ratings, and conduct identity theft on a large scale,\u201d said Tosin Eniolorunda, founder and CEO of TeamApt.\n\nOrganizations like banks also suffer using resources to recover stolen data, losing customer trust in the process, he said.\n\n\u201cThese regulations ensure that customers have some sort of control over how their data is collected, processed and shared,\u201d he says.\n\nThe Central Bank\u2019s regulation has also factored in the NDPR requirements to craft how financial institutions manage customer data, and the regulations outline that consent is needed for use of customer data in open banking to avail them of financial products and services.\n\nSix steps to achieve a secure open data platform\n\nThere are several steps IT experts can take to make sure customer data are in line with privacy laws, and that security across all systems is in place to shield these data points from leakage.\n\n1. Technology leaders must have their systems and processes adhere to privacy laws and the final guidelines to be published by the CBN. \u201cIt\u2019s important that executive teams work closely with lawyers who have the necessary data experience to advise on the requirements and implications of applicable regulations and guidelines like those released by the CBN on open banking,\u201d says Eniolorunda.\n\n2. Morka suggests that only a customer\u2019s information that\u2019s relevant to a transaction should be used\u2014something he calls fit-for-purpose data. Not all data points need to be exposed during transactions. CIOs need to ascertain what type of data can be enough for transactions to securely take place.\n\n3. Eniolorunda encourages the use of technology in know your customer (KYC) processes. Morka also says that the use of artificial intelligence (AI) should be implemented to make the process of KYC easier on financial institutions while making it accurate and efficient.\n\n4. There needs to be constant evaluation of banking systems and APIs used in transactions, according to Morka. In terms of supply chains, Eniolorunda adds that companies must ensure that third-party vendors they use have the highest possible security standards, and the security programs of these vendors must be routinely audited and validated.\n\n5. Customer education is key. Morka agrees that some technologies like smartphones and internet access have not reached most rural regions in African countries. This hinders the appropriate use of banking technology and slows down its adoption. For those who have embraced digital banking, constant education on how to keep their accounts secure is essential. \n\n6. The collaboration between stakeholders will make the banking ecosystem robust and guide its growth. The CBN, through its Open Banking Guidelines, seeks to ensure that its oversight affords more collaboration for superior digital banking products for customers.