IS OPEN BANKING IN NIGERIA RIGHT FOR YOU? PIONEERING GROWTH

By Geraldine Nzulumike Esq & Olugbami Ifeoluwa

Abstract

This article explains how open banking, a significant innovation in financial services that allows customers to securely share their personal banking information with licensed third-party firms, could reshape how individuals conduct financial transactions in Nigeria. This article describes traditional banking and outlines the potential benefits and risks of open banking, including concerns around data privacy. It highlights international open banking practices, explores legal protections available to bank customers in Nigeria, and provides guidance on what individuals should consider before opting into open banking.

Introduction

Open banking is a system that permits banks to securely share customer financial data with licensed third-party service providers, primarily financial technology (FinTech) companies, with the customers’ informed consent, and such technological innovations have contributed to advancements in the finance sector.

Although open banking offers opportunities for personalised financial services and improved competition, it also presents data privacy and cybersecurity risks. This article provides a holistic overview of open banking, including its contrast with traditional banking, its implementation globally, and the legal frameworks protecting bank customers/consumers. It also offers practical guidance as Nigeria prepares for the formal roll-out of open banking.

Traditional Banking

To fully understand the innovation introduced by open banking, it is essential to explain traditional banking. Despite significant technological advancements in the finance sector, such as the use of artificial intelligence (AI) and digital platforms, banks and most financial institutions continue to maintain a physical presence where customers can conduct financial transactions. This model, centred around the operation of physical bank branches, remains the crux of traditional banking.

Traditional banking refers to “depository institutions, such as commercial banks, savings and loans, and credit unions….”[1] As noted by S.S. Galazova and L.R. Magomaeva,[2] a key characteristic of the traditional banking model is its reliance on physical infrastructure and limited operating hours. In Nigeria, for example, banks typically operate from 8am to 4pm, Monday through Friday. Furthermore, access to banking services depends on the availability of bank branches and staff, in contrast to the 24/7 accessibility of digital banking platforms.

While many traditional banks have adopted elements of financial technology (FinTech), there remain distinctions between traditional banking and digital/electronic banking. Electronic banking, often called online or digital banking (including mobile banking), is defined as “a contemporary facility that provides conventional banking products and services through online platforms.”[3] Understanding these differences is critical to appreciating the innovation and disruption brought by open banking.

Open Banking

Open banking is a framework in which banks and financial institutions grant authorized third-party providers secure access to customers’ financial information using Application Programming Interfaces (APIs). Also referred to as ‘open bank data,’ this system allows third-party providers access to users’ banking details, including account information and transaction data from traditional banks and non-bank institutions, provided the customer has given explicit consent.

The data shared through open banking can be used for various purposes, such as comparing financial services, consolidating information from multiple institutions to build consumer profiles, or initiating transactions, and making changes to the user’s account on their behalf. ^[4]

APIs are a set of technical protocols that enable software systems to communicate and share data. In open banking, APIs serve as a conduit through which banks can offer their services and data to external platforms such as fintech applications, e-commerce services, or other financial institutions.^[5]  

Open Banking in Other Jurisdictions (Outside Nigeria)

Open banking is expanding globally, driven by evolving regulatory frameworks designed to facilitate secure data sharing. Regions such as the European Union (EU), United Kingdom (UK) and Australia have established regulatory standards such as the EU’s Payment Services Directive 2 (PSD2), the UK’s Open Banking API specifications, and Australia’s Consumer Data Right (CDR). These frameworks have significantly accelerated innovation in financial services through APIs.

In 2020, the European open banking was valued at approximately $6.15 billion, with projections estimating growth to $48.3 billion by 2030. The EU and the UK account for about 36.9% of the global market. Globally, the open banking market reached an estimated $25.14 billion in 2023 and is forecasted to grow at a compound annual growth rate (CAGR) of 27.4% through 2030. Adoption rates have increased by around 50% annually, reflecting growing acceptance and potential in global markets.[6]

1. Europe

The EU’s open banking ecosystem is governed by the PSD2, which mandates that banks allow third-party providers (TTPs) to access customer financial data through secure APIs, provided the customer has given explicit consent. Replacing PSD1, PSD2 was transposed into national laws across the EU to enhance competition, encourage innovation, and improve consumer protection.[7]

• United Kingdom

The UK’s open banking regime builds on PSD2 and the UK’s Payment Services Regulations (PSRs). It was implemented under the oversight of the Competition and Markets Authority (CMA), which created the Open Banking Implementation Entity (OBIE) in 2018. OBIE developed common API standards used by the nine largest UK banks (the CMA9 as well as other banks). These banks began granting third-party access to account data in 2018. UK banks also support advanced features like app-to-app redirection and biometric authentication, ensuring a seamless user experience. Payments are processed in real time using the Faster Payments network.

• United States

In the United States, the Consumer Financial Protection Bureau (CFPB) has introduced the Personal Financial Data Rights Rule (2024), empowering consumers to share their financial data freely and securely with third-party apps. This initiative replaces outdated practices like screen scraping with more secure and standardized APIs to enhance competition and user control. Approximately 100 million US consumers have shared their financial data with third parties. In 2025, Citizens Bank launched an open banking API for commercial clients, further demonstrating growing institutional participation.

• Australia

Australia’s approach to open banking is regulatory, governed by the Consumer Data Right (CDR). The CDR empowers consumers to share their personal and financial data with accredited entities, enabling tailored services and product offerings. While the country’s progress has been slower compared to other regions, the CDR ensures consumers retain full control over their data, deciding who can access it and for what purpose.[8]

• Singapore

Singapore has adopted a collaborative approach through the APIX (Application Programming Interface Exchange) platform, introduced by the Monetary Authority of Singapore. Though not a formal regulation, APIX serves as a global open banking marketplace and sandbox for APIs. It was created in partnership with the World Bank’s International Finance Corporation and the ASEAN Bankers Association to foster collaboration between financial institutions and fintech companies.[9]

• South Africa

In South Africa, open banking is emerging with the involvement of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs), who can access financial data and initiate transactions on behalf of users. This model supports financial inclusion by offering unbanked individuals digital alternatives to cash and building credit profiles. Open banking is subject to the Protection of Personal Information Act 2013, which enforces strict rules around data processing and grants robust rights to individuals and legal entities.[10]

Open Banking, Data Breach, and Consumer Protection

Open banking’s key risk lies in data protection. Data breaches can cause damage to reputation, financial loss, revenue loss, identity theft, loss of trust, and legal consequences. In the case of UBA Plc v CA & Ors (2016) LPELR-40569(CA), the Court of Appeal affirmed that, “It is beyond doubt that a banker owes his customer a legal duty of confidentiality not to disclose information to third parties, and any breach of this duty could give rise to liability in damages if loss results … The duty is, however, qualified by a few exceptions.” Similarly, in Habib Nigeria Bank Limited v Fathudeen Syed M. Koya (1992) 7 NWLR (Pt. 251) 43 at 60, the Supreme Court held that “A bank owes a duty of care and secrecy to its customer….”

Even though open banking involves sharing customer data with licensed third parties such as FinTech companies, these court decisions emphasise the legal obligation of banks to protect customer data and maintain confidentiality. By enabling greater access to sensitive financial information, open banking introduces heightened risks around data privacy and potential breaches.

A recent report by Surfshark,[11] a global cybersecurity firm, revealed that Nigeria experienced 119,433 data breaches in the first quarter of 2025 alone, placing the country 34^th globally. Alarmingly, 10 out of every 100 Nigerians have reportedly suffered a data breach, making Nigeria one of the most affected countries in Sub-Saharan Africa.

While these figures raise serious concerns, the report also noted an 85% decrease in data breaches in Q1 2025 compared to Q4 2024. This potentially encouraging trend nonetheless highlights the ongoing importance of robust data protection measures in the era of open banking.

In its report,[12] the Financial Institutions Training Centre (FITC) stated that in Q3 2024, reported fraud cases in Nigeria rose to 19,007 (up from 11,532 in Q2 2024). The most common forms of fraud remained consistent with previous trends, involving computer/web-based fraud, mobile fraud, and POS-related fraud.

These fraudulent activities were carried out through multiple channels, including ATMs, online and mobile banking platforms, physical bank branches, POS terminals, and bank staff involvement.

Do you have a say on whether or not your bank data can be shared with third parties to facilitate open banking? The short answer is yes. But do you have a say on the specific data that is to be shared by your bank with a third party? Also, yes. The good news is that for open banking to work, the informed consent of the bank customer must be specifically obtained.

In the case of Dr Rom Okekearu v Danjuma Tanko (2002) 15 NWLR (Pt. 791) 657 at 670 the Supreme Court held that “consent is the act of giving approval or acceptance to something done or proposed to be done and is an exact conduct flowing from the person giving consent.” Also, in the case of Georgina Ahamefule v Imperial Medical Centre & Anor (2005) 5 NWLR (Pt. 917) 51 at 60, the court held “consent in legal parlance involves an element of volition, a voluntary agreement which is the deliberate and free act of the mind.” These cases support the fact that consent cannot be obtained haphazardly.

In Nigeria, there already exists a variety of laws that protect bank customers as consumers. Section 37 of the Constitution of the Federal Republic of Nigeria 1999 (as amended) provides that “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.” In Omotayo v Airtel Networks Ltd (2025) LPELR-80342(CA), the court held that “the right to ‘privacy of citizens’ as guaranteed under the Section includes the right to protection of personal information and personal data.”

Regulations that can be relied on for the protection of bank customers or consumers from the possible negative consequences of open banking include:

1. Central Bank of Nigeria Operational Guidelines for Open Banking in Nigeria[13]

Approved in March 2023, the guidelines provide that the customer (data owner) “shall be required to provide consent for release of data for the purpose of accessing financial services.” The Guidelines also provide for the implementation of security standards and a data breach policy. Information is only to be shared with proof of the time-bound consent of the customer, which has been authenticated. The Guideline further provides the information to be presented to the customer for consent to be obtained. A customer shall be allowed to opt out of the open banking arrangement.

• Nigeria Data Protection Act 2023

This Act makes provisions for the right of a data subject, including their right to withdraw consent. It provides that a data controller or data processor “shall ensure that personal data is collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes.” The Act also emphasises the importance of the informed consent of the data subject. Where the data subject is a child or a person incapable of giving consent, consent shall be obtained from the parent or legal guardian. It also provides for what is to be done in the event of a data breach.

• The Nigeria Data Protection Act (NDP Act) 2023 General Application and Implementation Directive (GAID) 2025[14]

As the name implies, the main objective of the GAID 2025 is to provide guidance for the implementation of the NDP Act. Data subjects protected by the Act include persons within Nigeria, regardless of nationality and migration status, persons whose personal data has been transferred to Nigeria, persons in transit through Nigeria, and a Nigerian citizen not within Nigeria. The Act is to serve as a common statutory authority subject to the 1999 Constitution for the protection of the privacy of data subjects. The GAID provides that in line with Section 46 of the 1999 Constitution (as amended), a data subject can seek redress in court for the violation of his or her data privacy rights. The GAID goes on to provide for principles of Data Protection.

• Central Bank of Nigeria Consumer Protection Framework 2016[15]

Under this Framework, a consumer is a person or entity that uses, has used or is a potential user of financial products or services of a financial institution (FI). The Framework provides consumer protection principles which mandate FIs to “provide accurate information on financial products and services to consumers at all times to enable them to make informed decisions.” The Framework also mandates FIs to guarantee the protection of consumer assets and privacy, guard them against fraud and protect their data. Effective complaint channels shall also be established for consumers. The Framework further makes provisions for the basic rights of consumers, including their right to consumer education.

• The Federal Competition and Consumer Protection Commission Act (FCCPA) 2018[16]

In creating notices, documents or visual representations aimed at informing consumers of open banking, the FCCPA provides that such notice, document or visual representation is to be in plain language understandable by a person of average literacy skills and minimal experience as a consumer. A consumer can enforce their rights under the Act either by going directly to Court, reporting to the Commission, or reporting to the applicable sector regulator with jurisdiction or referring the matter directly to the undertaking that supplied the goods or services.

• National Identity Management Commission Act 2007 (NIMC Act)[17]

The NIMC also plays a role in the protection of the personal information of bank customers. As bank accounts are linked to a national identification number (NIN), the NIMC has a mandate to “ensure the preservation, protection, sanctity and security (including cyber-security) of any information or data collected, obtained, maintained or stored in respect of the National Identity Database.”

• The Illiterates Protection Act 1958

Although not included in the Laws of the Federal Republic of Nigeria, this Act can also be relied on to protect bank customers. In Okokon John v The State (2017) 16 NWLR (PT. 1591) 304 at 348-349, the Supreme Court held that “the Illiterates Protection Law avails an illiterate in civil causes and in respect of documents recorded by another at his instance. Where the document creates legal rights and the writer benefits thereunder, the law steps in to protect the illiterate from any fraud by requiring the writer to strictly comply with its requirements …. The effect of failure to comply strictly with the provisions of the law … is to render the document inadmissible.”

Other regulations that support the protection of bank customers include:

1. Consumer Code of Practice Regulations 2007 (NCC Regulations)
2. Credit Reporting Act 2017
3. Cybercrimes (Prohibition, Prevention, Etc) Act 2015 (Cybercrimes Act)
4. Freedom of Information Act, 2011 (FOI Act)
5. Child’s Rights Act 2003

Is Open Banking In Nigeria Right For You?

Open banking is reshaping the financial services industry by allowing customers to securely share their financial data with authorised third-party providers. While this innovation brings significant benefits, it also introduces risks. Understanding the advantages and potential drawbacks of open banking is essential for making informed decisions. Below are key benefits and risks associated with open banking:

• Benefits of Open Banking
• Enhanced Customer Experience and Centralised Services. Open banking enables users to access and manage multiple accounts from different banks or financial institutions through a single, unified dashboard. This centralised view simplifies financial management and improves user convenience.[18]
• Broader Access to Financial Products and Services. Customers can access a broader range of financial products and services, including loans, insurance, investment tools, credit products, and budgeting services tailored to their needs. These offerings are often made possible through collaborations between traditional banks and fintech companies, fostering financial inclusion and affordability.
• Faster and More Efficient Payments. Open banking facilitates direct bank-to-bank transfers, which are typically faster and less expensive than traditional payment methods. Reduced processing times and fees benefit both consumers and merchants.
• Greater Transparency and Control. Users maintain full control over their data by granting or denying access to third parties. They can monitor all their accounts from one platform and manage how their data is used, increasing trust and transparency.
• Improved Data Security and Consent Management. Despite involving broader data sharing, open banking offers enhanced control over who can access your data, what is shared, and for how long, as consent is central to the model and users must explicitly authorise data sharing.

• Risks and Challenges of Open Banking
• Privacy and Data Security Concerns. While APIs are designed to be secure, risks remain. Malicious apps, data breaches, hacking, or insider threats could compromise sensitive financial information. As data becomes more interconnected, vulnerabilities may increase.
• Scams and Fraud. Cybercriminals may exploit open banking systems through phishing, malware or social engineering attacks. If a user is tricked into giving access to a fraudulent app, their financial data or account could be compromised.
• Complexity and Lack of Consumer Understanding. Many users may not fully understand how open banking works or the implications of sharing their data. Without clear communication and education, consumers might unknowingly consent to unfavourable terms or unnecessary risks.[19]
• Digital Divide and Accessibility Issues. Open banking assumes digital literacy and access to internet-enabled devices. This could marginalise individuals who lack digital skills or do not have regular internet access, leading to exclusion from its benefits.

Conclusion

Open banking is poised to transform Nigeria’s financial ecosystem by enabling secure data sharing between banks, fintechs, and other authorised third parties through APIs, which will drive innovation, enhance financial inclusion, and improve consumer choice.

The benefits of open banking in Nigeria are promising: centralised access to financial services, faster and more cost-effective payments, and broader access to tailored financial products. Yet, these advantages come with challenges, particularly in areas such as data protection, consent management, cybersecurity, and user education.

Until open banking officially launches in Nigeria, stay informed, educate yourself, and review your data sharing habits. Understanding your rights and risks as a consumer or your obligations as a service provider is essential to safely navigating this evolving space.

As Nigeria enters this new era of financial services, legal and regulatory compliance will be fundamental to success. Businesses, financial institutions, and fintech providers must proactively understand and adhere to the emerging legal framework. Likewise, consumers need assurance that their data rights are protected within this rapidly advancing ecosystem.

Lehi Attorneys, is a top law firm in Nigeria that offers expert legal advice on data protection compliance, fintech regulation, and other corporate and commercial law areas. A startup navigating the CBN’s open banking framework, a financial institution seeking to mitigate legal risks or a bank customer, our team is equipped to navigate the ever changing landscape.

Address: Block E-2, Edo Court, Gaduwa Estate, Constitution Avenue, Abuja

Email: info@lehiattorneys.com www.lehiattorneys.com

Caveat! The content of this article is for educational purposes and is intended to provide a general understanding of the topic discussed. It is not intended to serve as legal advice whatsoever. If the contents appeal to you and you would want further clarification on any of the points raised therein, do not hesitate to reach out to our team.

Contact us today to learn how we can help you stay compliant, secure, and competitive in Nigeria’s evolving open financial landscape.

---

[1] Scharaga, E, ‘What is the Traditional Banking Model?’ (2020) <https://www.ericscharaga.com/post/what-is-the-traditional-banking-model>  accessed 2 June 2025

[2] Galazova S.S. and Magomaeva L.R, ‘The Transformation of Traditional Banking Activity in Digital’ (2019) International Journal of Economics and Business Administration, 7 (Special Issue 2), 41-51

[3] Herbert Farai Mapxashike, Nyasha Nyamuziwa, Tapiwa F. Masendu and Gwinyai Mafumbate, ‘Impact of e-banking on traditional banking services’ (2018) Journal of Strategic Studies: A Journal of the Southern Bureau of Strategic Studies Trust, Vol.9 No.1

[4] The Investopedia Team, ‘Open Banking: Definition, How It Works, and Risks’ (Updated May 10, 2024) <https://www.investopedia.com/terms/o/open-banking.asp> accessed 3 June 2025

[5] Alex Malyshev, ‘API Banking: The Power, Definitions, Types and Benefits’ (14 April 2025) SDK Finance <https://sdk.finance/api-in-banking-types-and> accessed 2 June 2025

[6] Adam Preis, ‘How Identity Can Power CFPB’s Personal Financial Data Rights Rule’ (24 October 2024) Ping Identity blog <https://www.pingidentity.com/en/resources/blog/post/open-banking-us.html?utm_source=chatgpt.com> accessed 3 June 2025

[7] ‘Open banking around the world’ <https://truelayer.com/reports/open-banking-guide/open-banking-around-the-world/ > accessed 4 June 2025

[8]Jekaterina Drozdovica, ‘Open Banking Regulations: A Comparative Study Across Continents (10 January 2025) <https://noda.live/articles/open-banking-regulations?utm_source=chatgpt.com> accessed 4 June 2025

[9] Jekaterina Drozdovica, ‘Open Banking Regulations: A Comparative Study Across Continents’ (10 January 2025) <https://noda.live/articles/open-banking-regulations?utm_source=chatgpt.com > accessed 4 June 2025

[10] ‘The regulation of open banking in South Africa’ (15 December 2021) ENSafrica <https://www.afriwise.com/blog/the-regulation-of-open-banking-in-south-africa> accessed 4 June 2025

[11] ‘Global Data Breach Statistics’ <https://surfshark.com/research/data-breach-monitoring> accessed 2 June 2025

[12] ‘Reports on Fraud and Forgeries in Nigerian Banks Quarter 3 2024’ <https://fitc-ng.com/wp-content/uploads/2024/09/Fraud-and-Forgery-2024-2nd-Quarter.pdf> accessed 2 June 2025

[13] ‘Central Bank of Nigeria Operational Guidelines for Open Banking in Nigeria’ <https://www.cbn.gov.ng/Out/2023/CCD/Operational%20Guidelines%20for%20Open%20Banking%20in%20Nigeria.pdf> accessed 3 June 2025

[14] ‘The Nigeria Data Protection Act (NDP Act) 2023 General Application and Implementation Directive (GAID) 2025’ <https://ndpc.gov.ng/wp-content/uploads/2025/03/NDP-ACT-GAID-2025-MARCH-20TH.pdf> accessed 3 June 2025  

[15] ‘Release of Consumer Protection Framework for Banks and Other Financial Institutions Regulated by the Central Bank of Nigeria, 7 November 2016 ’ <https://www.cbn.gov.ng/out/2016/cfpd/consumer%20protection%20framework%20(final).pdf> accessed 3 June 2025

[16] ‘Federal Republic of Nigeria Official Gazette, Lagos 1^st February 2019 No.18 Vol. 106 Federal Competition and Consumer Protection Act 2018’ <https://fccpc.gov.ng/wp-content/uploads/2022/07/FCCPA-2018.pdf> accessed 3 June 2025

[17] ‘National Identity Management Commission Act’  <https://ngfrepository.org.ng:8443/bitstream/123456789/946/3/NATIONAL-IDENTITY-MANAGEMENT-COMMISSION-ACT.pdf> accessed 3 June 2025

[18]Jessica Ferreira, ‘What Is Open Banking And How Can It Benefit Banking Customers?’ (updated 11 September 2024) <https://www.sydle.com/blog/open-banking-65030cf8697d3e430a055739> accessed 4 June 2025 

[19] David Roldán Martínez, Diogo Marques, ‘Navigating Open Banking – Strategies, Implications, and Key Insight’ (13 November 2023) <https://www.sensedia.com/post/navigating-open-banking-strategies-implications-and-key-> accessed 4 June 2025